Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Overview

General Information

Sample Name:	SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe
Analysis ID:	800798
MD5:	97011b19f2683a918f1f07f7f4ec1998
SHA1:	4b486d0b67994fabe961787f5facdf9a0e3f6672
SHA256:	c1469167b9700aeca987573c023ec7f160dadf8309a7a4feb2cd1969ad66673e
Tags:	exe
Infos:

Detection

Score:	32
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Multi AV Scanner detection for submitted file

Multi AV Scanner detection for dropped file

Machine Learning detection for sample

Machine Learning detection for dropped file

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

Contains functionality to shutdown / reboot the system

Detected potential crypto function

Stores files to the Windows start menu directory

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Creates a DirectInput object (often for capturing keystrokes)

Drops PE files

Creates a start menu entry (Start Menu\Programs\Startup)

Creates a process in suspended mode (likely to inject code)

Contains functionality for read data from the clipboard

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	ReversingLabs: Detection: 17%
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Virustotal: Detection: 19%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	ReversingLabs: Detection: 23%
Source: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	ReversingLabs: Detection: 17%
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	ReversingLabs: Detection: 14%

Machine Learning detection for sample

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	Joe Sandbox ML: detected
Source: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	Joe Sandbox ML: detected

Antivirus or Machine Learning detection for unpacked file

Source: 1.2.ModSource UI Addon Pack.exe.2c18226.6.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.2.ModSource UI Addon Pack.exe.2bed809.4.unpack	Avira: Label: TR/Patched.Ren.Gen

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Ui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_chat_window_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_mfd_status_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_all_targets.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_targets_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_secondary_targets_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_pet.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_sml_group_window.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_radar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_location_display.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_exp_mon_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_collections.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_buttonbar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_buttonbar.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_toolbar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_toolbar.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_styles.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_palette_ground.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_palette_space.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_net_status.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Texture	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\heavyweapons_reticule.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_activate.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_attack.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_big.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_crafting.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_deactivate.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_death_blow.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_default.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_bad.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_scroll.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drop.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_eat.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_equip.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_hourglass.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_intended_attack.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_mission_details.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_move.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_open.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_pickup.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_hor.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_se.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_sw.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_vert.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_stop_talk.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_talk.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_throw.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_accepted.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_start.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_unequip.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_use.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_target_inactive.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_background_arrow.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Sample	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_incoming_mail.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_fusioncutter_end.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_toggle_mouse_mode.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_use_toolbar.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_popup.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_back.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_forward.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_confirm.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_dialog_warning.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_increment_big.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_menu_close.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_rollover.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_info.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_rotate.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_open_metal_can_cntner.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_close_metal_can_cntner.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_negative.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Changelog_PreNGE_UI.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Readme.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Web.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Update.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Uninstall.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log

Jump to behavior

Source:

Binary string: q.pdB source: ModSource UI Addon Pack.exe.0.dr, ModSource UI Addon Pack.zip.0.dr

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405368
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00405D3A FindFirstFileA,FindClose,	0_2_00405D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00402630 FindFirstFileA,	0_2_00402630
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_00405368
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00405D3A FindFirstFileA,FindClose,	1_2_00405D3A
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00402630 FindFirstFileA,	1_2_00402630

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Feb 2023 18:59:10 GMTServer: ApacheX-BP-NSA-REQID: (null) n.12UID=1146X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 29 May 2018 23:27:39 GMTETag: "1b63-56d60947c10c0"Accept-Ranges: bytesContent-Length: 7011Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 2d 68 6f 72 22 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6d 69 72 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 33 20 64 61 79 73 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Feb 2023 18:59:10 GMTServer: ApacheX-BP-NSA-REQID: (null) n.12UID=1562X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 29 May 2018 23:27:39 GMTETag: "1b63-56d60947c10c0"Accept-Ranges: bytesContent-Length: 7011Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 2d 68 6f 72 22 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6d 69 72 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 33 20 64 61 79 73 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Feb 2023 18:59:15 GMTServer: ApacheX-BP-NSA-REQID: (null) n.12UID=1888X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 29 May 2018 23:27:39 GMTETag: "1b63-56d60947c10c0"Accept-Ranges: bytesContent-Length: 7011Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 2d 68 6f 72 22 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6d 69 72 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 33 20 64 61 79 73 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Feb 2023 18:59:15 GMTServer: ApacheX-BP-NSA-REQID: (null) n.12UID=827X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 29 May 2018 23:27:39 GMTETag: "1b63-56d60947c10c0"Accept-Ranges: bytesContent-Length: 7011Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 2d 68 6f 72 22 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6d 69 72 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 33 20 64 61 79 73 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 07 Feb 2023 18:59:16 GMTServer: ApacheX-Frame-Options: SAMEORIGINLast-Modified: Sun, 16 Aug 2009 06:01:33 GMTETag: "57074349-111d8d-4713c046be940"Accept-Ranges: bytesContent-Length: 1121677Connection: closeContent-Type: application/zipData Raw: 50 4b 03 04 14 00 02 00 08 00 7b 9d 0f 3b 51 b7 76 de f5 1c 11 00 87 83 11 00 1b 00 00 00 4d 6f 64 53 6f 75 72 63 65 20 55 49 20 41 64 64 6f 6e 20 50 61 63 6b 2e 65 78 65 ec fd 07 5c 53 49 d7 38 8e df 90 00 91 62 50 41 51 51 51 b1 62 dd d8 10 0b 28 c1 8a a0 48 62 c1 82 14 43 44 40 48 04 0b 02 06 04 8c 88 5d b1 2b b2 36 ec 0d 3b 58 00 15 15 1b d6 55 2c ab 17 51 17 57 4a a8 e7 7f 66 6e 50 77 d7 7d 9e e7 7d df e7 fb 7e bf bf ff e7 89 1e ee dc a9 67 ce 9c 39 65 66 ee bd 2e 93 56 30 7c 86 61 04 08 00 0c 93 ce 70 3f 07 e6 9f ff f2 10 ea b7 3a 53 9f 39 5e ef 66 eb 74 de e8 9b ad c7 cb fd 43 ad 83 43 82 66 86 78 cd b6 f6 f6 0a 0c 0c 52 5a cf f0 b5 0e 51 05 5a fb 07 5a 3b b9 ba 5b cf 0e f2 f1 ed 66 6a 6a 64 a3 ab e3 57 d5 c8 3d 3b cc 6d aa ea a0 bb d5 82 aa 14 1a 6e 57 d5 1f af 6d ac e6 55 1d c6 6b 69 5f f3 aa 3d 78 f5 6b d8 a6 6a 3b 5e c7 f9 7b cb 49 fe 3f e3 e4 26 61 98 d1 3c 7d a6 fb c5 4f c3 ea e2 0a 18 11 cf 98 67 c0 30 93 f0 e6 3e 8f 76 b6 dd 4f 18 36 43 08 d6 f5 96 84 f5 38 3a 30 cc b7 2b e3 26 f8 7a a3 47 ff 9a 71 79 bf 5e bf 5e e8 6f 57 28 c3 1c a7 c4 e1 33 2b c2 98 7f df 0f f1 5c a6 f7 f7 c9 dd 94 be e1 4a bc f6 9a a8 43 68 d2 f7 9d e0 7e d6 0c 33 bd 5b 88 8f 97 d2 8b 61 56 34 d0 f5 bd 21 c2 d4 3f e6 43 6a 38 74 e3 b2 31 1b 0e 21 bd 56 e8 ea 0a fe 4b be 8c 6e 81 ba 8c 2b 30 9f c3 8f 11 8c 22 f9 42 42 43 bc 49 b6 30 8e 36 4c 38 5e 95 7f 6d 97 f9 cf ef 7f f5 e7 a1 f9 a0 fe e0 a9 8e 30 11 29 6d f1 af b3 46 62 ae 32 55 0f b7 34 d3 98 ee 19 34 84 49 18 2e 70 03 95 19 a8 4c 40 25 04 8b e1 21 0e 4c e1 10 1c 69 77 a9 a6 f7 61 4c 4f 94 ec 92 b9 d1 a4 d1 98 a4 f6 2d 61 12 24 26 89 92 37 5c 9c 1b c6 69 22 8a d5 be c5 8c a6 85 53 30 96 45 56 60 44 27 9d c7 89 4e 4a a5 a2 43 1e ac e6 b6 ad 0b 2b 3a 94 c9 bf 94 e0 62 96 5c 0e e2 bb 4b 8b 31 7d 2c 46 89 4e 8e f1 10 1d 72 61 f9 99 9a eb 98 82 25 c6 93 12 4b 73 30 dd 4d 74 48 62 c6 bf 84 d1 99 2f 85 a2 93 19 c6 39 89 92 12 b7 04 17 2d a2 88 cd a8 25 c5 82 04 89 b9 1b 87 88 09 58 8c 47 44 40 65 0e f7 d4 12 56 60 17 c1 8a 96 85 01 80 7a d1 04 50 fa c2 dc 5e 88 3d 96 8a cd c0 32 4a 0f 4d 84 89 82 27 cb 96 bc 21 b3 28 5b c2 0a 89 64 b4 70 c3 0c 30 77 82 0c eb 0a a6 75 69 7a 4f c0 80 0c f2 b9 0e cb ad 31 9f 9b 02 e4 db fb 0c c1 58 8b 09 b4 45 13 4c a7 ed 22 9d 38 92 78 62 fc b4 a9 e2 8c c9 d7 2e 99 31 9a d1 36 82 1d 39 48 46 cd 1d 77 ff bb 96 38 c5 a4 32 cd 78 3d 61 d9 25 3d a5 6b e2 1c 9e 18 ec 7b e7 62 72 e8 10 cd 2d ff 6b 24 3d d1 89 27 d4 08 cb 32 f5 94 fc 61 45 2d cb 32 05 ca 7a 9a db ae b1 d7 94 d6 45 66 65 99 66 2a 63 cd 63 f1 13 f5 6b 9e f8 71 82 a5 b3 3e 29 c1 d5 10 72 7d da d4 c9 97 04 64 b8 c7 8e d5 78 08 71 fc 7e f7 2f 23 e9 9a 16 04 01 f1 35 fe 17 59 82 4b 35 92 50 e3 2c dc a3 a7 34 b6 73 31 51 1a d8 5c 18 92 e0 2c b4

Source: ModSource UI Addon Pack.exe, 00000001.00000002.422163287.0000000002BD2000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ver
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ver/TIMEOUT=30000download
Source: ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ver/TIMEOUT=30000downloadhttp://users.on
Source: nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.zip
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ziphttp://users.on.net/~anach/Files/SWG/
Source: ModSource UI Addon Pack.exe, ModSource UI Addon Pack.exe, 00000001.00000000.345573605.0000000000409000.00000008.00000001.01000000.00000007.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.0000000002BD2000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421438450.0000000000409000.00000004.00000001.01000000.00000007.sdmp, ModSource UI Addon Pack.exe, 00000001.00000003.410469484.0000000000792000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, Uninstall the ModSource UI Addon Pack.exe.1.dr, ModSource UI Addon Pack.exe.0.dr, nsa449D.tmp.1.dr	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, Uninstall the ModSource UI Addon Pack.exe.1.dr, ModSource UI Addon Pack.exe.0.dr, nsa449D.tmp.1.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: ModSource UI Addon Pack.exe, 00000001.00000002.422163287.0000000002BD2000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://tassyp2p.optikal.net/viewtopic.php?f=45&t=837
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://unguilded.traumschmiede.com/Files/Mods/ModSource_UI_Addon_Pack.ver
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://unguilded.traumschmiede.com/Files/Mods/ModSource_UI_Addon_Pack.zip
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://users.on.net/~anach/Files/SWG/ModSource_UI_Addon_Pack.ver
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://users.on.net/~anach/Files/SWG/ModSource_UI_Addon_Pack.verhttp://unguilded.traumschmiede.com/F
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://users.on.net/~anach/Files/SWG/ModSource_UI_Addon_Pack.zip
Source: nsa449D.tmp.1.dr	String found in binary or memory: http://www.modsource.org
Source: ModSource UI Addon Pack.exe, 00000001.00000002.421708783.000000000073C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.modsource.org/
Source: Mod-Source - Your Source for SWG Modding Stuff.lnk.1.dr	String found in binary or memory: http://www.modsource.org/DC:
Source: ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://www.modsource.orgopen
Source: ModSource UI Addon Pack.exe, 00000001.00000002.421708783.000000000073C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.modsource.orgw8
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/apple-touch-icon.png
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332365541.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/contact
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332365541.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/datenschutz
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/favicon-16x16.png
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/favicon-32x32.png
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/favicon.ico
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/gfx/emblem_b_xs.png
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332365541.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/impressum
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332365541.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/privacy
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/safari-pinned-tab.svg

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: unknown

DNS traffic detected: queries for: modsource.org

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /Files/SWG/Mods/ModSource_UI_Addon_Pack.ver HTTP/1.0Host: modsource.orgUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /Files/SWG/Mods/ModSource_UI_Addon_Pack.ver HTTP/1.0Host: modsource.orgUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /~anach/Files/SWG/ModSource_UI_Addon_Pack.ver HTTP/1.0Host: users.on.netUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /Files/SWG/Mods/ModSource_UI_Addon_Pack.zip HTTP/1.0Host: modsource.orgUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /Files/SWG/Mods/ModSource_UI_Addon_Pack.zip HTTP/1.0Host: modsource.orgUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /~anach/Files/SWG/ModSource_UI_Addon_Pack.zip HTTP/1.0Host: users.on.netUser-Agent: NSISDL/1.2 (Mozilla)Accept: /

Creates a DirectInput object (often for capturing keystrokes)

Source: ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006BA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00404F1F GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00404F1F

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,		0_2_00403225
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,		1_2_00403225

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_0040600A	0_2_0040600A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00404730	0_2_00404730
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00404730	1_2_00404730
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_0040600A	1_2_0040600A

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	ReversingLabs: Detection: 17%
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Virustotal: Detection: 19%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Jump to behavior

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Process created: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1800,i,4957897538365028636,534134650291675046,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Process created: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1800,i,4957897538365028636,534134650291675046,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: ModSource UI Addon Pack Silent Updater.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe
Source: Uninstall the ModSource UI Addon Pack.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe
Source: ModSource UI Addon Pack Updater.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe
Source: Readme ModSource UI Addon Pack.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html
Source: Pre-NGE UI Changelog.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Changelog_PreNGE_UI.txt

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModSource UI Addon Pack Silent Updater.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

File created: C:\Users\user\AppData\Local\Temp\nsb13F7.tmp

Jump to behavior

Source: classification engine

Classification label: sus32.winEXE@29/101@12/8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00402012 CoCreateInstance,MultiByteToWideChar,

0_2_00402012

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00404275 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_00404275

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Program Files\StarWarsGalaxies

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Ui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_chat_window_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_mfd_status_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_all_targets.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_targets_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_secondary_targets_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_pet.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_sml_group_window.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_radar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_location_display.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_exp_mon_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_collections.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_buttonbar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_buttonbar.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_toolbar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_toolbar.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_styles.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_palette_ground.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_palette_space.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_net_status.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Texture	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\heavyweapons_reticule.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_activate.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_attack.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_big.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_crafting.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_deactivate.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_death_blow.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_default.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_bad.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_scroll.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drop.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_eat.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_equip.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_hourglass.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_intended_attack.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_mission_details.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_move.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_open.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_pickup.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_hor.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_se.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_sw.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_vert.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_stop_talk.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_talk.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_throw.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_accepted.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_start.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_unequip.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_use.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_target_inactive.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_background_arrow.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Sample	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_incoming_mail.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_fusioncutter_end.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_toggle_mouse_mode.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_use_toolbar.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_popup.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_back.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_forward.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_confirm.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_dialog_warning.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_increment_big.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_menu_close.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_rollover.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_info.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_rotate.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_open_metal_can_cntner.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_close_metal_can_cntner.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_negative.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Changelog_PreNGE_UI.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Readme.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Web.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Update.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Uninstall.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior

Source:

Binary string: q.pdB source: ModSource UI Addon Pack.exe.0.dr, ModSource UI Addon Pack.zip.0.dr

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00405D61 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405D61

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\StartMenu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File created: C:\Users\user\AppData\Local\Temp\nsb13F9.tmp\ZipDLL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File created: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File created: C:\Users\user\AppData\Local\Temp\nsb13F9.tmp\NSISdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\NSISdl.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModSource UI Addon Pack Silent Updater.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\ModSource UI Addon Pack Updater.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Readme ModSource UI Addon Pack.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Mod-Source - Your Source for SWG Modding Stuff.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Pre-NGE UI Changelog.lnk	Jump to behavior

Creates a start menu entry (Start Menu\Programs\Startup)

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModSource UI Addon Pack Silent Updater.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Dropped PE file which has not been started: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Dropped PE file which has not been started: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe			Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405368
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00405D3A FindFirstFileA,FindClose,	0_2_00405D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00402630 FindFirstFileA,	0_2_00402630
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_00405368
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00405D3A FindFirstFileA,FindClose,	1_2_00405D3A
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00402630 FindFirstFileA,	1_2_00402630

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.344668347.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00405D61 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405D61

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00405A65 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405A65

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.55.0.134	modsource.org	United States	35893	ACPCA	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
203.16.214.120	users.on.net	Australia	4739	INTERNODE-ASInternodePtyLtdAU	false
216.58.209.45	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.180.174	clients.l.google.com	United States	15169	GOOGLEUS	false
142.250.180.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
users.on.net	203.16.214.120	true
accounts.google.com	216.58.209.45	true
modsource.org	162.55.0.134	true
www.google.com	142.250.180.132	true
clients.l.google.com	142.250.180.174	true
clients2.google.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Program%20Files/StarWarsGalaxies/Mods/ModSource%20UI%20Addon%20Pack/Documentation/Readme%20ModSource%20UI%20Addon%20Pack.html	false		low
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
http://users.on.net/~anach/Files/SWG/ModSource_UI_Addon_Pack.ver	false		high
http://users.on.net/~anach/Files/SWG/ModSource_UI_Addon_Pack.zip	false		high
http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ver	false	Avira URL Cloud: safe	unknown
http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.zip	false	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high

AV Detection

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	ReversingLabs: Detection: 17%
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Virustotal: Detection: 19%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	ReversingLabs: Detection: 23%
Source: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	ReversingLabs: Detection: 17%
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	ReversingLabs: Detection: 14%

Machine Learning detection for sample

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Source: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	Joe Sandbox ML: detected
Source: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	Joe Sandbox ML: detected

Antivirus or Machine Learning detection for unpacked file

Source: 1.2.ModSource UI Addon Pack.exe.2c18226.6.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.2.ModSource UI Addon Pack.exe.2bed809.4.unpack	Avira: Label: TR/Patched.Ren.Gen

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Ui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_chat_window_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_mfd_status_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_all_targets.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_targets_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_secondary_targets_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_pet.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_sml_group_window.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_radar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_location_display.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_exp_mon_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_collections.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_buttonbar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_buttonbar.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_toolbar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_toolbar.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_styles.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_palette_ground.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_palette_space.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_net_status.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Texture	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\heavyweapons_reticule.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_activate.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_attack.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_big.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_crafting.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_deactivate.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_death_blow.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_default.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_bad.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_scroll.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drop.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_eat.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_equip.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_hourglass.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_intended_attack.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_mission_details.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_move.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_open.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_pickup.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_hor.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_se.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_sw.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_vert.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_stop_talk.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_talk.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_throw.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_accepted.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_start.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_unequip.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_use.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_target_inactive.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_background_arrow.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Sample	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_incoming_mail.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_fusioncutter_end.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_toggle_mouse_mode.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_use_toolbar.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_popup.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_back.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_forward.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_confirm.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_dialog_warning.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_increment_big.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_menu_close.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_rollover.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_info.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_rotate.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_open_metal_can_cntner.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_close_metal_can_cntner.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_negative.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Changelog_PreNGE_UI.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Readme.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Web.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Update.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Uninstall.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log

Jump to behavior

Source:

Binary string: q.pdB source: ModSource UI Addon Pack.exe.0.dr, ModSource UI Addon Pack.zip.0.dr

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405368
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00405D3A FindFirstFileA,FindClose,	0_2_00405D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00402630 FindFirstFileA,	0_2_00402630
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_00405368
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00405D3A FindFirstFileA,FindClose,	1_2_00405D3A
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00402630 FindFirstFileA,	1_2_00402630

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Feb 2023 18:59:10 GMTServer: ApacheX-BP-NSA-REQID: (null) n.12UID=1146X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 29 May 2018 23:27:39 GMTETag: "1b63-56d60947c10c0"Accept-Ranges: bytesContent-Length: 7011Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 2d 68 6f 72 22 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6d 69 72 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 33 20 64 61 79 73 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Feb 2023 18:59:10 GMTServer: ApacheX-BP-NSA-REQID: (null) n.12UID=1562X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 29 May 2018 23:27:39 GMTETag: "1b63-56d60947c10c0"Accept-Ranges: bytesContent-Length: 7011Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 2d 68 6f 72 22 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6d 69 72 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 33 20 64 61 79 73 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Feb 2023 18:59:15 GMTServer: ApacheX-BP-NSA-REQID: (null) n.12UID=1888X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 29 May 2018 23:27:39 GMTETag: "1b63-56d60947c10c0"Accept-Ranges: bytesContent-Length: 7011Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 2d 68 6f 72 22 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6d 69 72 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 33 20 64 61 79 73 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 07 Feb 2023 18:59:15 GMTServer: ApacheX-BP-NSA-REQID: (null) n.12UID=827X-Content-Type-Options: nosniffUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Tue, 29 May 2018 23:27:39 GMTETag: "1b63-56d60947c10c0"Accept-Ranges: bytesContent-Length: 7011Vary: Accept-EncodingContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 2d 68 6f 72 22 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 6d 69 72 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 69 74 2d 61 66 74 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 33 20 64 61 79 73 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 20 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 49 4e 44 45 58 2c 20 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 20 20 20 20 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 68 65 69 67 68 74 3d 64 65 76 69 63 65 2d 68 65 69 67 68 74 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 73 69 7a 65 73 3d 22 31 38 30 78 31 38 30 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66 61 76 69 63 6f 6e 2d 33 32 78 33 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 33 32 78 33 32 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 70 6c 61 63 65 64 2e 6e 65 74 2f 66

Source: global traffic

Source: ModSource UI Addon Pack.exe, 00000001.00000002.422163287.0000000002BD2000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ver
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ver/TIMEOUT=30000download
Source: ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ver/TIMEOUT=30000downloadhttp://users.on
Source: nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.zip
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://modsource.org/Files/SWG/Mods/ModSource_UI_Addon_Pack.ziphttp://users.on.net/~anach/Files/SWG/
Source: ModSource UI Addon Pack.exe, ModSource UI Addon Pack.exe, 00000001.00000000.345573605.0000000000409000.00000008.00000001.01000000.00000007.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.0000000002BD2000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421438450.0000000000409000.00000004.00000001.01000000.00000007.sdmp, ModSource UI Addon Pack.exe, 00000001.00000003.410469484.0000000000792000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, Uninstall the ModSource UI Addon Pack.exe.1.dr, ModSource UI Addon Pack.exe.0.dr, nsa449D.tmp.1.dr	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, Uninstall the ModSource UI Addon Pack.exe.1.dr, ModSource UI Addon Pack.exe.0.dr, nsa449D.tmp.1.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: ModSource UI Addon Pack.exe, 00000001.00000002.422163287.0000000002BD2000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://tassyp2p.optikal.net/viewtopic.php?f=45&t=837
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://unguilded.traumschmiede.com/Files/Mods/ModSource_UI_Addon_Pack.ver
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://unguilded.traumschmiede.com/Files/Mods/ModSource_UI_Addon_Pack.zip
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://users.on.net/~anach/Files/SWG/ModSource_UI_Addon_Pack.ver
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://users.on.net/~anach/Files/SWG/ModSource_UI_Addon_Pack.verhttp://unguilded.traumschmiede.com/F
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000002.346975161.00000000028F0000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://users.on.net/~anach/Files/SWG/ModSource_UI_Addon_Pack.zip
Source: nsa449D.tmp.1.dr	String found in binary or memory: http://www.modsource.org
Source: ModSource UI Addon Pack.exe, 00000001.00000002.421708783.000000000073C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.modsource.org/
Source: Mod-Source - Your Source for SWG Modding Stuff.lnk.1.dr	String found in binary or memory: http://www.modsource.org/DC:
Source: ModSource UI Addon Pack.exe, 00000001.00000002.422163287.00000000026DC000.00000004.00000020.00020000.00000000.sdmp, ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006F1000.00000004.00000020.00020000.00000000.sdmp, nsa449D.tmp.1.dr	String found in binary or memory: http://www.modsource.orgopen
Source: ModSource UI Addon Pack.exe, 00000001.00000002.421708783.000000000073C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.modsource.orgw8
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/apple-touch-icon.png
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332365541.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/contact
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332365541.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/datenschutz
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/favicon-16x16.png
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/favicon-32x32.png
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/favicon.ico
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/gfx/emblem_b_xs.png
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332365541.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/impressum
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332365541.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332799089.00000000006F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/privacy
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332433511.00000000006ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe, 00000000.00000003.332819641.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bplaced.net/safari-pinned-tab.svg

Source: unknown

DNS traffic detected: queries for: modsource.org

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /Files/SWG/Mods/ModSource_UI_Addon_Pack.ver HTTP/1.0Host: modsource.orgUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /Files/SWG/Mods/ModSource_UI_Addon_Pack.ver HTTP/1.0Host: modsource.orgUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /~anach/Files/SWG/ModSource_UI_Addon_Pack.ver HTTP/1.0Host: users.on.netUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /Files/SWG/Mods/ModSource_UI_Addon_Pack.zip HTTP/1.0Host: modsource.orgUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /Files/SWG/Mods/ModSource_UI_Addon_Pack.zip HTTP/1.0Host: modsource.orgUser-Agent: NSISDL/1.2 (Mozilla)Accept: /
Source: global traffic	HTTP traffic detected: GET /~anach/Files/SWG/ModSource_UI_Addon_Pack.zip HTTP/1.0Host: users.on.netUser-Agent: NSISDL/1.2 (Mozilla)Accept: /

Creates a DirectInput object (often for capturing keystrokes)

Source: ModSource UI Addon Pack.exe, 00000001.00000002.421708783.00000000006BA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

0_2_00404F1F

Uses 32bit PE files

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,		0_2_00403225
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,		1_2_00403225

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_0040600A	0_2_0040600A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00404730	0_2_00404730
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00404730	1_2_00404730
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_0040600A	1_2_0040600A

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	ReversingLabs: Detection: 17%
Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Virustotal: Detection: 19%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Jump to behavior

Source: SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Process created: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1800,i,4957897538365028636,534134650291675046,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Process created: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1800,i,4957897538365028636,534134650291675046,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: ModSource UI Addon Pack Silent Updater.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe
Source: Uninstall the ModSource UI Addon Pack.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe
Source: ModSource UI Addon Pack Updater.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe
Source: Readme ModSource UI Addon Pack.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html
Source: Pre-NGE UI Changelog.lnk.1.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Changelog_PreNGE_UI.txt

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModSource UI Addon Pack Silent Updater.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

File created: C:\Users\user\AppData\Local\Temp\nsb13F7.tmp

Jump to behavior

Source: classification engine

Classification label: sus32.winEXE@29/101@12/8

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00402012 CoCreateInstance,MultiByteToWideChar,

0_2_00402012

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00404275 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_00404275

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Program Files\StarWarsGalaxies

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Automated click: Next >

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Ui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_chat_window_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_mfd_status_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_all_targets.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_targets_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_secondary_targets_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_pet.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_sml_group_window.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_radar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_location_display.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_exp_mon_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_collections.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_buttonbar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_buttonbar.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_toolbar_skinned.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_toolbar.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_styles.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_palette_ground.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_palette_space.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Ui\ui_pda_net_status.inc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Texture	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\heavyweapons_reticule.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_activate.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_attack.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_big.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_crafting.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_deactivate.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_death_blow.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_default.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_bad.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_scroll.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drop.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_eat.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_equip.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_hourglass.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_intended_attack.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_mission_details.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_move.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_open.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_pickup.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_hor.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_se.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_sw.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_vert.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_stop_talk.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_talk.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_throw.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_accepted.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_start.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_unequip.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_use.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_target_inactive.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Texture\ui_background_arrow.dds	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Backup\Sample	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_incoming_mail.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_fusioncutter_end.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_toggle_mouse_mode.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_use_toolbar.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_popup.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_back.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_forward.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_button_confirm.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_dialog_warning.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_increment_big.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_menu_close.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_rollover.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_info.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_select_rotate.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_open_metal_can_cntner.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\item_close_metal_can_cntner.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Sample\ui_negative.wav	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Changelog_PreNGE_UI.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Readme.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Web.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Update.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Uninstall.ico	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Directory created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior

Source:

Binary string: q.pdB source: ModSource UI Addon Pack.exe.0.dr, ModSource UI Addon Pack.zip.0.dr

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00405D61 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405D61

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\StartMenu.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File created: C:\Users\user\AppData\Local\Temp\nsb13F9.tmp\ZipDLL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File created: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	File created: C:\Users\user\AppData\Local\Temp\nsb13F9.tmp\NSISdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\NSISdl.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModSource UI Addon Pack Silent Updater.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\ModSource UI Addon Pack Updater.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Readme ModSource UI Addon Pack.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Mod-Source - Your Source for SWG Modding Stuff.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Pre-NGE UI Changelog.lnk	Jump to behavior

Creates a start menu entry (Start Menu\Programs\Startup)

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModSource UI Addon Pack Silent Updater.lnk

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Dropped PE file which has not been started: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Dropped PE file which has not been started: C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe			Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405368
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00405D3A FindFirstFileA,FindClose,	0_2_00405D3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	Code function: 0_2_00402630 FindFirstFileA,	0_2_00402630
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00405368 CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	1_2_00405368
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00405D3A FindFirstFileA,FindClose,	1_2_00405D3A
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Code function: 1_2_00402630 FindFirstFileA,	1_2_00402630

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00405D61 GetModuleHandleA,LoadLibraryA,GetProcAddress,

0_2_00405D61

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Code function: 0_2_00405A65 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405A65

ID:	800798
Product:	CloudBasic
Start time:	19:58:07
Start date:	07.02.2023
Sample:	SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe
Cookbook:	default.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	97011b19f2683a918f1f07f7f4ec1998
SHA1:	4b486d0b67994fabe961787f5facdf9a0e3f6672
SHA256:	c1469167b9700aeca987573c023ec7f160dadf8309a7a4feb2cd1969ad66673e
Filetype:	Win32 Executable (generic) a (10002005/4) 92.16%

Name	Type	MD5	SHA1	SHA256
C:\Program Files\StarWarsGalaxies\ModSource UI Addon Pack Uninstall.log	ASCII text, with CRLF line terminators	5465527B0C899413743C22ABA3ECFE4C	3347100AE9776581D1CABF2F5E2FA5CB970DF20C	91D4E5644587E47E6F9793228A153676DD990B6F57477550D1BBE0607BC62560
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Changelog_PreNGE_UI.txt	ISO-8859 text, with CRLF line terminators	EE69358078BA7D070B8A56418DDE86D5	8A80B5F998B3F08DE16DBFA6B72FAA608247FB64	921F7281DC7FA7453604DC74E8FD992C16F60AAB8258ECBFA4C0C253E1A31978
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme ModSource UI Addon Pack.html	HTML document, ASCII text, with very long lines (542), with CRLF line terminators	A6E066C16AEA71CC530E03861836E309	B22074915A54AC6423F9B94CB7C83F8DE0E03009	5D7BAA5BB870E0B8CA7FF4056FED7148B34B4428F22216DCD50089031EE46569
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\Readme_Anachs_PreNGE_UI.txt	ISO-8859 text, with CRLF line terminators	4FDCD2D0C042A1B08EE169BDCCB67CAA	8CA66593DA4E086A599B05DC6C26086F2EDF005B	87F137541314EBFD448F362B94E319404E06D1CC5B0A3838662EAE33EE1CC466
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\readme_BattleBackground.txt	ASCII text, with CRLF line terminators	7296220F0D7B945A8BF32DDAAF62E174	B8EFB0EC87C433D1DA5FE1F1075D841C77AC0188	FBF32A9A578B9790EAD0F9E1D19BC4BABA06374F6B2024D7246DD011E7734C08
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Documentation\reticle_readme.txt	ASCII text, with CRLF line terminators	540F643FDD28298E2D8BF0D7BD047260	09A9344F13F2A78425BE370292F893D379712665	EAA3D90D17A702DE8A68E793FBF2687B341AACCE329896032B7969127485496A
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Readme.ico	MS Windows icon resource - 4 icons, 32x32, 32 bits/pixel, 32x32, 8 bits/pixel	39994C8CF3BED782A03D79C33D6F4F5E	1EFF6936F09C94C2E3ED6078292C7518A8249CBC	AACF63B1E5A9EFE2EC0264BB70B201AD1B22D8C858FAA94EF6D03ADE672BE60B
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Uninstall.ico	MS Windows icon resource - 4 icons, 32x32, 32 bits/pixel, 32x32, 8 bits/pixel	2808D11AF5EFC388ABAC9A782D72431C	75D9E6F392DFCFA3131C3947795487AB0AA2F0C7	2B476C22B0F0D2117CDC4FCC0931A231DF5BE55C08FFA0F6D203A37A0111B577
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Update.ico	MS Windows icon resource - 4 icons, 32x32, 32 bits/pixel, 32x32, 8 bits/pixel	953BA127FC153B27071B8AE2A21A1651	25F71C633032A808F1058886FDEA2AA5B963E289	274038CE497A521BB1B4EEFBD0092AB26E2764BE73D8A4C2F2BD16B11AF326C8
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Icons\Web.ico	MS Windows icon resource - 4 icons, 32x32, 32 bits/pixel, 32x32, 8 bits/pixel	348B93CB5304CB0EEE0A54DD42904DBD	FDF5DCCF9C1E0A0D3514F060ECF548434C5949F4	B3E465452872A6C9661EFCBC9D16AE2265564B8C3CF8D7765763A899520D6C6E
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	6D3886C1E65F7D0D56188AA27AA9342E	ADF0DE2A3F7EC904865C7FA5A09FD86F8E49FA3C	D837AF580D3F2F19886D48F04F9AF0F7F2F0C206CA3B6BA812C0B586C50B4944
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater Silent.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	6A7B1A1A041BFE75FD88F1AC5010C63F	47746D829B0C113792E6F1ACEFE8EC8B7F7CDD03	95907DC57674AA31E1A86F3BF1FEB2997072F2CD9DF58EAE3069275619968118
C:\Program Files\StarWarsGalaxies\Mods\ModSource UI Addon Pack\Updater\ModSource UI Addon Pack Auto Updater.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	97011B19F2683A918F1F07F7F4EC1998	4B486D0B67994FABE961787F5FACDF9A0E3F6672	C1469167B9700AECA987573C023EC7F160DADF8309A7A4FEB2CD1969AD66673E
C:\Program Files\StarWarsGalaxies\Sample\item_close_metal_can_cntner.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\item_fusioncutter_end.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\item_open_metal_can_cntner.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_back.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_button_arrow_forward.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_button_confirm.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_dialog_warning.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_incoming_mail.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 22050 Hz	6DF0CEA7C588CD28B884355FDAFDDF20	09A004B41C7CFB9F6B92F92D87CA51C7018B2DDF	652453B104AA243296ACC1307E1E81557C9A26B53244E139380F650416F6A026
C:\Program Files\StarWarsGalaxies\Sample\ui_increment_big.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_menu_close.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_negative.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_rollover.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_select_info.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_select_popup.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_select_rotate.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_toggle_mouse_mode.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Sample\ui_use_toolbar.wav	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz	0680773BF646E7A9780A013AEDE5C804	0994740633B7B5BCDF27023E2D22712AA979216A	72CFEC0A3D43DE264F1BF42D5D57B27B402541A8DF9D5F7E7EF4028FEBA1C80E
C:\Program Files\StarWarsGalaxies\Texture\heavyweapons_reticule.dds	Microsoft DirectDraw Surface (DDS): 256 x 256, 256-bit color, compressed using DXT3	C6D1B43C7BDC5209E8220CBCB10F0346	19F016B333BA01654F2A20C33340CF42F5418D17	413E231CE9A3B3D83A8D1BDC1B2D3075E2B6CB9EA35B572EF6F1B21D8FA13B09
C:\Program Files\StarWarsGalaxies\Texture\ui_background_arrow.dds	Microsoft DirectDraw Surface (DDS): 1024 x 1024, compressed using DXT3	26A59F0EFF0CB71C35D002449C2EF03C	E0CBBF8FAFF1647088BD664A4C732A5AB1302272	823AD3A093E57C9F5BF6A2EE914C09B12093CBACFB19AF123433FE73B240C05C
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_activate.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	3B532D932C88A7B8CA06CDD64BAC9155	F565AAA508D69FEA01234E84B2A3BDE93CBE0662	B036C4C8083630371C67B628FC7036D85F9780BC69060323ECE0DAC2E737DEC9
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_attack.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	FB53385DD997E4906D6A920AAC362B4E	38D2F863EDAB96AF7D9E9D6B326DE6D3138DB699	4E9A5CF310A0FC2E9F4707A8AA76061503D5397EF37BC9F2B4156EF50E518034
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_big.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	15F0E7A98C462BF4A92079B6E7226076	7EE7A38F6EC6A6F0315879FDA65A85904552831C	404F3DB9DA7FD719D4E096D8056A351E89B85F7D315F429784E74F74D608AC52
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_crafting.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	93BF698A2CAB4B058DCD65A82E11BC8C	CB4CC3E85E52F81E7523381B3C7B16649D415B8E	5C1431F215E094BEC6ACC3140813DCA8461B46902E7680577D96B2A82782E91F
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_deactivate.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	43F549AFAB6C63E86EE8FE034243E711	AF8382AA6B5B1CE8466B5F00B6516964E3F84861	59216753864D4D4C9E8EB8B793821CF2444D4DAF12E181AEC3B58CC821F6F838
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_death_blow.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	16DA0165E5F770121EE74E4337342526	5EB0218742D0461312A34F43D38256BD409601F4	9A5D1FFF584CFD2C50FD71BD94F8006137392C1E5C3C7E14B2C27A8607F72FA7
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_default.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	8167EDDF0241AB99D71FEC51E0E0BD6E	14C053BBE8B98B6B1EB554091AF8EE5418CA32A5	CF43DBAA5DA1818644DC9E09FA85DCAAC39C664C871DFF493666FBB01E206276
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_bad.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	9E6EBDE5875E38522F7E486D6177EEB7	5CFFCE881E83102C9910A0FFB7242DEF7ABB2CEC	2533CA6C8B742F817DE5661731E460AAA258E30F6527DE4B1CE39016954040E3
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drag_scroll.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	7C58E8ECEC58E6BCE500C0391C376654	428B03AA4C735DF39CA541E04C0114F477E44D5B	9B793D48E381BEBCE414DCCE9F4702E0D37020429C3A238DF82594B9174DDA58
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_drop.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	1FB7852C040CE40A201BC862546D446C	7FDC174B163B4D7D27773661A07CC39BB9CA7172	BD3C8EC167A56950ADE24C6918A772EBF91FA5D8CC0EDAFC16540764FEE49566
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_eat.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	127BDE47286479C23170BB476C46D5D5	3534304C5F56C272DA2BDA5071C9E2D2017A3381	270DFA7CCD66D4C2046CE836EB2CEF313B4AAEE3626C6181D7C7D9B99CE02A28
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_equip.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	613652F2C3C2895F7134CC9809AC680D	E8CE360139071FBB02C74C4376A44B03EF9D3EF8	2CD73EAAB91364C954AAC9207740C5546A9DA978BD51A1E2AB37D100051BE185
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_hourglass.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	F1848BA4F1B9EEF460D82DB14E0E3512	8A556BBD8259F7B3A5AC85F79755305E6AA13C92	283327594E2A04C56AF2F55F7D0F4712D17BB8715D9B16FDF01495DCDFDEA3B7
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_intended_attack.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	1DA71D204EA3BA3628245C1221E149F9	83BE5551B64C1C19E8757470324EE09688FB39DE	0CE43DF475EF5A4C42812626C451AFED7B7A9C4A7ADA731271FDA6BD83B718B6
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_mission_details.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	8DA364118AB8CB3198D6855F77FFF819	5F0ECD13298A247403C1C4B80E4F5D382922AC89	D59561F800F2EE17BD8C06F019F54F280901525FFF97D13651F8A95F88E800A8
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_move.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	7827D8ABCB871DC4713147C3422F078D	0BEB57EF42FBE58E265603799D7BE1C1628B356C	A7C6E9DF48566074C9DA6E383C6EDE61E2694B2F156B1EAEAED1FB20C83F5A60
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_open.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	049BA32B7EBD08209E60C460EF9E7F1B	759DE2AB206AAB95CC968ED2E35CDDC20770B40F	CE51509AAD1B601E55AABAC9489F1253BD7C7E34BE9C48D34FBE611B5FE38776
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_pickup.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	FEFC43B49B558C4064DB3C587B79C38E	B6BDA53BCF4D64AF4823771B01A40B9D77108015	C0777ACBDB0A92C0245C9D31E0ED0B076BB68BD8B4DEE611BCFBA23108EA4A03
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_hor.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	B5426A46BE98706BD05B955C75AC3718	60B7A36E41886AAA21D20C8D08A5995FDF61FC89	528077D43AFD0EE73190A2F9887EE89318575F6709F2D0051A3FA362E5F84B58
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_se.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	7CA6E3C1AA2C84C1B5FFD80313C8F69E	0331D453BA90DBA8408A11A7C56246D7B53F8C36	73AD38866CDA4636B00D224114321C4857506AD79F7752D19E3288272D1DB95D
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_sw.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	9E8FBB1138451FBED28BB3126BF1BDA1	E741FA6E41055225EBFC66DFF119A29B7CEE4DEB	BD92D6ABC57A237A62C335E3DCEB56908C9C66D399906A2D4AC0E1A4572EB418
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_resize_vert.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	E793690F6F436941879E59A1C01E2B1F	E1C357B81FBE59B823DDEB590136FAF2288334FE	169577659D7E0E7E8E74C0CEBA6C170285BBAFE449C0F8757AAD2FC2462103F0
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_stop_talk.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	4715735C5C513431FD4A9D8322FBAADA	E085986DA5D71049CE9D3A17636568CE947B3DC8	5C7B8F7814D351FA5CA5D75C13D614DAFFC30C0A3335DD3EEFFA345E73E3B1AD
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_talk.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	391A6104ED9167D31E475BEA63B23E4D	2EB0E27E91FAC6679488E91683CFA15E8E015B9F	6D3251D9F00688858025E4424996D4D2CECE4913A3EE3054B0633F39A9363851
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_throw.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	1DA71D204EA3BA3628245C1221E149F9	83BE5551B64C1C19E8757470324EE09688FB39DE	0CE43DF475EF5A4C42812626C451AFED7B7A9C4A7ADA731271FDA6BD83B718B6
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_accepted.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	A365FCE097EBE054984D6B6318548B56	1D8CC11C3D32977DCC56C1739D46D3F9344F040E	5EE46EB794A484B74F6594C465313278D3C8C343027BE197895F4DCAC7A82716
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_trade_start.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	710BAC28117AD7662F3FC86D37B089B7	05EF8FBA3671978C1DD189BCC85777A0E84004A8	004208FD3098FB272055FE0582FA7177AE7EBF60DD8E9F6CB805864125ED8DED
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_unequip.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	DC30869DF3BFD39473FCB48BBA773630	84464CAC9196FD35208F2C306BB6D7E8B47B3F4D	1336AAA7087E4F337DC21DC54006435E37597941CB43EE7D78C8321B7F481936
C:\Program Files\StarWarsGalaxies\Texture\ui_cursor_use.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	1D0125177E9725B4AAEBB598C8D68549	03A519BB30305814FC2E89C59A5D39276E82314A	5D7127AC7A58C490744B611AEC4483E54AF8167D0E38328DEB4AC9E9932DFBEA
C:\Program Files\StarWarsGalaxies\Texture\ui_target_inactive.dds	Microsoft DirectDraw Surface (DDS): 32 x 32, 32-bit color, ARGB8888	CF138548E51178BF43DC884970DF0BB8	AF97AB476DAFB0C20087B24AED515ECBF316329F	4135FB56CA099580F7A49DC9EDDC8EE71FC81FF4CACA3027003A3A574B3121D9
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud.inc	ASCII text, with CRLF line terminators	FB7D96935C40962C9719F2CEF75A043E	9728103813508E8C75B299A574ED21F742B500C6	E461077DABDA11CF0F84E3685495578FF99750039BBEEC7791335148EF7B4E27
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_all_targets.inc	ASCII text, with CRLF, LF line terminators	91CE0FDA64177357AEE4CA65830793BB	FE319BF7DDCB293F8B03764FEB98CA8EB8DD6CDF	6840114E37A0375A2C6CBA38A166774F3D2E128BC7B2ADBB0887543D1D41A1DC
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_buttonbar_skinned.inc	ASCII text, with CRLF line terminators	3C38F195E75874B7F405281A47C9C429	94AE2B05B2DF74F4E9C80F1A18FE74BC796B0570	23D47D828F2428B1B9556B7A854E02EF0318B648522EC6A4E7DAE32D08269AD1
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_chat_window_skinned.inc	ASCII text, with very long lines (908), with CRLF line terminators	347D3CA5B5FE129CF841F12AD0F285A3	05D9B8EEDB065D4C2186243A24F04C4C0BA8A841	675706308D1268BDEAF2D09CE57D4C0C94109EC37E6A6563A890C5F0D46FF87A
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_mfd_status_skinned.inc	ASCII text, with CRLF line terminators	6665DCC54B3A05E8C91839BBC0B31AC4	DE88387EFA2CA3C3959D1EB3625D56BB4845F82B	B80836A853C5BDF0F98A1035697408FCD122757F60C9C8CA2329CC1C466CF537
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_pet.inc	ASCII text, with CRLF line terminators	7D23827C085E75AFE025BB9173AA5E24	53D5D39BB52494C3900F158DB25EBA4DD6BA57B1	3F604A0F256FBA40DB31C77435C9664E83731E170D381B3119B5DA18EFAC63F0
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_radar_skinned.inc	ASCII text, with CRLF line terminators	3A284F4EF8C007085680E32B056B8E70	04922B20CC6949C089213FE7AB824E0839C11F56	A31E3EB9A20511C8DD7716D6A858844F62893A301DB8351C7959F1A87B690F3C
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_secondary_targets_skinned.inc	ASCII text, with CRLF line terminators	20565FDF41245FDE4E36B023375D560C	CB71EFE4A184041D24717F86BC6AADF53F1F9FC9	9A44C04E2A8F47EB765E792D6B0FA16EEBA69900669E41DF6355AA7E36ADC5D1
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_sml_group_window.inc	ASCII text, with CRLF line terminators	0F0C74DDC38A67DA2F41576CD81D7632	3C107AA6A33DFB059036A225E1319A126B5DAEC9	62173B3A0724A2B34555A0AF0EBB9A619B7571FCF2A60B356BD758A2DAB0FE84
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_targets_skinned.inc	ASCII text, with CRLF line terminators	718DB9361D3A81C9156B060F7A161289	C5A0EB1EF8CECF1F358779F6F41F2E9F0836279D	A9A1B5B39BD18D9F4204A7040945AFD0DFD02C23D5CE6B4366FEA511DC1864AD
C:\Program Files\StarWarsGalaxies\Ui\ui_ground_hud_toolbar_skinned.inc	ASCII text, with CRLF line terminators	80FF1175BB31DEF8734812AA94666347	C269A5579189092383FF69F058DE18AC51A47081	945B7664C4B642F508AEE26D58C35A0457DA796807DC1177C413B1E203FAA4A3
C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space.inc	ASCII text	977F36A08F5E6D9957BCFBE96C30D8C3	34ABAAFDAF130E44F87F34B985F0D2CD8DCA2503	7C6E3208EC4515DE1B87928D5253D81FBE44570CD3C40A8C23E6D5CE112068C1
C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_buttonbar.inc	ASCII text, with CRLF line terminators	32EBA9AE30919779C7702639FF0362C0	84ED7D3B1817D453181F35FE12A339715D173763	5893E29A35555C7B43383930F4FE9B99FBF8CB12C5A9C02A1B409473582DA4BB
C:\Program Files\StarWarsGalaxies\Ui\ui_hud_space_toolbar.inc	ASCII text, with CRLF line terminators	F62BF54C8A3B6316CD45C1D5C2596ED8	EC4156844D1914A370B71C6F6F6366AFCD7F8801	AC057DA6016721CC07F79FE97F487C959B4571C5622CF72181F9530ADEC4B176
C:\Program Files\StarWarsGalaxies\Ui\ui_palette_ground.inc	ASCII text, with CRLF line terminators	67D9C1E1FAE603E84D04B26690239C27	E63610555F14ACCBA013950C188918F79C5DED34	0224D36EDBF6C565158A4DD58D10F61D3C7BFBBCC395DE8A00F4E91889F3E3B4
C:\Program Files\StarWarsGalaxies\Ui\ui_palette_space.inc	ASCII text, with CRLF line terminators	F5AE920CD31EF3945A7453FD76AB96EB	D4D41CF7A77EB395411DA6B2A6AF86C54C525723	1CF56178462D040954A4F702E1EF74B0F128D9871BF4D0A3837C5C01B85DF10E
C:\Program Files\StarWarsGalaxies\Ui\ui_pda_collections.inc	ASCII text, with CRLF line terminators	79845F1005FBB38FA0BB2F888C1117D6	459AEAAF0B6027A19569850F1885643346489FB5	F1468A5E51932E01346F66A6EFD0395D492FA5215EBF3E92C92E627F8EE37564
C:\Program Files\StarWarsGalaxies\Ui\ui_pda_exp_mon_skinned.inc	ASCII text	4B949D48DFD7A0D7A61AE7FFA5D53B84	07624DAB264B794737CDD62A397C37BBAFEDBC36	62FF8EF63675EC02956DEE11FEFFBCBF21165FBD93B73692DEA0B0B7F4458BEB
C:\Program Files\StarWarsGalaxies\Ui\ui_pda_location_display.inc	ASCII text, with CRLF line terminators	EBB827DE756A9B90C349CD372127B5E6	8B526FF3F270FAC17883B8F40060E67282ED624A	D7C5B9D42E51114882F51169C6CA8AAA29BDBB5F3CD4661FDCCF983D151484E6
C:\Program Files\StarWarsGalaxies\Ui\ui_pda_net_status.inc	ASCII text, with CRLF line terminators	A8D03E85C545052401C9D590EAC63D58	2BEB067CD279DB451B7A497030EFF070E7D4299F	E0BA0C04ECA09EBD8DD56540F5647CF5EDA1E0DC57CCADC1B0A8A13E7E479785
C:\Program Files\StarWarsGalaxies\Ui\ui_styles.inc	ASCII text, with CRLF line terminators	4552DBC415EF4CA0A883759B1E3ECB52	2769B7543436DE4B892748F76AEED5F3E0328E26	AD953841D36FD04FD59C6213D92F0AC19F3F6D22D98788084A507890A0F7C7C4
C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack.zip	Zip archive data, at least v2.0 to extract, compression method=deflate	4D5E04B6CE80B7C05A22BFB47F24F4C6	75E11BDDB66A7880EE32142A255175B988ACD76E	6C590620385614A5D549D8760C064A2FDB0B8181A47D3394726B01D09881FF82
C:\Users\user\AppData\Local\Temp\ModSource UI Addon Pack\ModSource UI Addon Pack.exe	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive	DC0AEE7C1898F76B9D61CE023B91539C	320B203FAEC0555BA0565AB4C9A4DC5CCBA20BFD	BA9BD9929813326D744A0512A428D5010C7FB0FBB5F2F0F97002191770FE5DA1
C:\Users\user\AppData\Local\Temp\ModSource_UI_Addon_Pack.ver	ASCII text, with no line terminators	D1BD83A33F1A841AB7FDA32449746CC4	70142F66475AE2FB33722D8D4750F386ECFEFE7B	D84BDB34D4EEEF4034D77E5403F850E35BC4A51B1143E3A83510E1AAAD839748
C:\Users\user\AppData\Local\Temp\nsa449D.tmp	data	61D7EE74FB7201ADDF1A50CB5D7C4C95	C6B56ACF07EA4F11708912EA6000F259C2181C8E	A8D2BF472FBB18C5A8801443818D252BEB7C26F9C4D2C2981C90A8B5F0BF2DB1
C:\Users\user\AppData\Local\Temp\nsb13F8.tmp	data	33E9CEB08AC8C6BB13EACD0D1EDF16CB	60BFDD27095FE505BF40B8FE52D833215AAAD3C6	952ACCB665179174003F303D578A2675704897A3E2E675C679D3FC712D7F8341
C:\Users\user\AppData\Local\Temp\nsb13F9.tmp\NSISdl.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	F716C100F551AC57E862C7B72DFE2B87	A6FB358FD268507535178A8827943F1905F2606B	D92B88C3096A5D09C1F9744B62668D588CC8B1992FD88FA5C88C4636121C9F44
C:\Users\user\AppData\Local\Temp\nsb13F9.tmp\ZipDLL.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	2DC35DDCABCB2B24919B9AFAE4EC3091	9EEED33C3ABC656353A7EBD1C66AF38CCCADD939	6BBEB39747F1526752980D4DBEC2FE2C7347F3CC983A79C92561B92FE472E7A1
C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\NSISdl.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	F716C100F551AC57E862C7B72DFE2B87	A6FB358FD268507535178A8827943F1905F2606B	D92B88C3096A5D09C1F9744B62668D588CC8B1992FD88FA5C88C4636121C9F44
C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\StartMenu.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	80A55B35582678D845CCCA04F52CADA3	82D1236218C95A34425B8831EF1627C0C5919DFA	E66DD544C167C9EBB3D8ED18622276C350E5C97C076C7C81B514BAB6446A3CA5
C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	4FBB4A2CD711FC1FE84F3DC30C491DC9	888E01AE6E64E7326F88DF9A30587F699EAB154A	C3B05F4FAF5E8903D5B4CB4A8CE4BBF2E8144725B98D8787D51C117B6EFA9BC2
C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\modern-wizard.bmp	PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118	CBE40FD2B1EC96DAEDC65DA172D90022	366C216220AA4329DFF6C485FD0E9B0F4F0A7944	3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
C:\Users\user\AppData\Local\Temp\nsk44DC.tmp\nsDialogs.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	6E5D67DE86BBE1424C948EC22490E16E	EB472A706F5B28F3151C14741926E1107B5BFAFD	D337A4FB3A455B847696AC70A6C070272E108E094D2B4395E3BDC1C76B86B8AE
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Mod-Source - Your Source for SWG Modding Stuff.lnk	MS Windows shortcut, Item id list present, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide	4E67D7931E065A97BBB0597DDF09DAC7	D8435F8FF13ED6724A3DE511D54CB49132A819D9	770CD0418162C05877262F6D45085E1CDF69945CCCC9FB53B2CCBB8C1394A572
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\ModSource UI Addon Pack Updater.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Aug 15 16:43:06 2009, mtime=Tue Feb 7 17:59:46 2023, atime=Sat Aug 15 16:43:06 2009, length=116184, window=hide	361DBCC8D111AC0E78AC788F44885691	AE99FD92EE440682E70FD3BBBD2F85E2125C3733	C9A27E2F7DE3C9AC2D54D6DA8DD4DD80F0DABB368FD54EE5D12C074D15EF9A6E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Pre-NGE UI Changelog.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide	B48B77E2570F74E39EDC4B59164783F8	53D15FD868DFC85FDFA9933BE770F09961AB5EA1	8081CB36AAA0FAA3F3A7424349A008374207417332E6C1CB9B475E518C4DCB0D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Readme ModSource UI Addon Pack.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Aug 15 16:19:08 2009, mtime=Tue Feb 7 17:59:46 2023, atime=Sat Aug 15 16:19:08 2009, length=24877, window=hide	D0B32E06A1DF118829D040481574648F	E698663B3726EA47488BB4BC95ABC210DBD37419	21CC083D58D656C50FDC53C25A07661BBF52132B3F488FA09003816D072440E8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModSource UI Addon Pack\Uninstall the ModSource UI Addon Pack.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide	CEC4BAA324A2A081883F4C04D0C98B58	99F551213E4BFEE326A129D71855B0265BC9BDE0	FE671D6FE585574CCFBFA625B76DFD3D908498A2F3920569E9E5016216804096
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ModSource UI Addon Pack Silent Updater.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sat Aug 15 16:43:04 2009, mtime=Tue Feb 7 17:59:44 2023, atime=Sat Aug 15 16:43:04 2009, length=116158, window=hide	127592BB9D24A15579AECA73F6835640	390020875DFC9C6AE586AD798B22515B8838F7FA	C76DF73B55C058B1B9B52267170328AD339F330C10F5F7330C1BB2AFBA2C94EA

Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoader28.22066.19106.30146.exe