Last Active: Dec 06, 2017
Threads: 16
Posts: 84
Reputation:
5
Apr 16, 2015, 14:16 pm
(This post was last modified: Apr 19, 2015, 07:14 am by HeroMaster. Edited 1 time in total.)
Hello guys. As you all know, I just uploaded my last torrent a day ago; from now on I will not be uploading any torrents. So my last upload is Grand Theft Auto V, one of my all-time favorite games. I was waiting for it, and now it is officially released with a crack. All people who have any problem related to my torrent, or want to know anything, can post it over here and we will reply if we find anything important and meaningful. Here is my torrent, enjoy playing it:
https://thepiratebay.se/torrent/11824999...LTi2-XaTaB
Thanks HeroMaster
(I hope for the best and bring the best)
Last Active: May 06, 2015
Threads: 0
Posts: 4
Reputation:
0
Hello
I can't seem to start the installer. setup.exe shows up in my processes for a while, but nothing really happens.
I did try deleting setup.exe, then force recheck and restarting my PC; still nothing.
I have downloaded a different release; it produces the same symptoms.
Any ideas?
Last Active: Dec 06, 2017
Threads: 16
Posts: 84
Reputation:
5
(Apr 16, 2015, 14:42 pm)jammeloe Wrote: Hello
I can't seem to start the installer. setup.exe shows up in my processes for a while, but nothing really happens.
I did try deleting setup.exe, then force recheck and restarting my PC; still nothing.
I have downloaded a different release; it produces the same symptoms.
Any ideas?
Restart your PC, start it as admin and check it again, or try to download the setup file again, and check that the total torrent size you downloaded is what you should have got. Also try to move the folder to a new destination; that might help you solve your problem.
Last Active: Apr 17, 2015
Threads: 0
Posts: 2
Reputation:
0
Hi there,
When I load the game up after installing, it says I can't connect to the Social Club and I must fix the issue before playing the game.
Do you know if or how to fix this?
Last Active: Apr 17, 2015
Threads: 0
Posts: 1
Reputation:
0
I'm also stuck at 21.5%. Anyone have a fix for this yet? It also stops counting time passed, as the progress stopped. Thanks!
Last Active: Apr 18, 2015
Threads: 0
Posts: 2
Reputation:
0
Hello, I've got a problem with Social Club asking for an activation key?
Last Active: May 05, 2015
Threads: 0
Posts: 1
Reputation:
0
I'm stuck at 21.5% too, should I restart the installation?
Also thanks for the torrent!
Last Active: Apr 16, 2015
Threads: 0
Posts: 2
Reputation:
0
(Apr 16, 2015, 16:14 pm)DEADM1K3 Wrote: Hi there,
When I load the game up after installing, it says I can't connect to the Social Club and I must fix the issue before playing the game.
Do you know if or how to fix this?
I get "social club failed to launch due to incomplete installation"?
Last Active: Apr 17, 2015
Threads: 0
Posts: 2
Reputation:
0
(Apr 16, 2015, 16:55 pm)AZ242 Wrote: (Apr 16, 2015, 16:14 pm)DEADM1K3 Wrote: Hi there,
When I load the game up after installing, it says I can't connect to the Social Club and I must fix the issue before playing the game.
Do you know if or how to fix this?
I get "social club failed to launch due to incomplete installation"?
Yeah, thats the error im getting too.
Last Active: Apr 17, 2015
Threads: 0
Posts: 2
Reputation:
0
Quote:Appears to be bitcoin-related malware, possibly a bitcoin miner. Ran the sample through my FireEye MAS (Malware Analysis Platform) and posted the report. It appears to be looking for a lot of programs and creates some files in the user profile folder. Sorry for the long output. Have a look and then decide whether or not you want to fire it up. I decided I won't.
Quote:Quote:Submission summary (the report's table row, with each column header attached to its value):
ID: 495
Type: exe
IM: Yes
Analysis: Sandbox
Malware: Malware.Binary.exe
URL: file://setup.exe
Profile Name - Application: win7-sp1 - Windows Explorer
Md5sum: 580db15a4fba1fe58498185d8dea3687
Submitted (CEST): 04/16/15 22:25:21
Complete (CEST): 04/16/15 22:30:31
Status: Success
Submitter: admin
Notes: No child
Malware: Malware.Binary.exe
Application Type: Windows Explorer
File Type: exe
VM Capture: pcap 580 bytes
Analysis OS: Microsoft Windows7 32-bit 6.1 sp1 15.0210
Archived Object: 580db15a4fba1fe58498185d8dea3687.zip
OS Change Detail (version: 1.729) | Items: 543 | OS Info: Microsoft Windows7 32-bit 6.1 sp1 15.0210
Type Mode/Class Details (Path/Message/Protocol/Hostname/Qtype/ListenPort etc.) Process ID Parent ID File Size
Analysis
Malware
Application
3 Repeated items skipped
Uac
Service
Office Software Protection Platform
Uac
Service
Windows Error Reporting Service
Uac
Service
Background Intelligent Transfer Service
Uac
Service
SSDP Discovery
Uac
Service
Software Protection
Uac
Service
Security Center
Uac
Service
Portable Device Enumerator Service
Process
Started
C:\Users\admin\AppData\Local\Temp\setup.exe
Parentname: C:\Windows\System32\cmd.exe
Command Line: "C:\Users\admin\AppData\Local\Temp\setup.exe"
MD5: 580db15a4fba1fe58498185d8dea3687
SHA1: 8d85839dcedfabe4d2cb47011a6327979b34f3b9
1744 1456 3433984
Malicious Alert
Generic Process Launch Activity
Message: Startup behavior anomalies observed Detail: A new process has been launched
File
Failed
C:\Users\admin\AppData\Local\Temp\SSPICLI.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\UXTHEME.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\WINMM.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SAMCLI.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MSACM32.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\VERSION.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SFC.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SFC_OS.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\USERENV.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PROFAPI.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DWMAPI.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MPR.DLL
1744
Regkey
Queryvalue
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
1744
File
Failed
C:\Windows\System32\MSCOREE.DLL.LOCAL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP.EXE.CONFIG
1744
API Call
API Name: GetSystemDirectoryW Address: 0x653a1e6b
Params: [0x2bf25c, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP.EXE.LOCAL
1744
File
Failed
C:\Users\admin
1744
File
Failed
C:\Users\admin\AppData\Roaming
1744
File
Failed
C:\Users\admin\AppData\Roaming\Microsoft\CLR SECURITY CONFIG\V2.0.50727.312\SECURITY.CONFIG
1744
File
Failed
C:\Users\admin\AppData\Roaming\Microsoft\CLR SECURITY CONFIG\V2.0.50727.312\SECURITY.CONFIG.CCH
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\CRYPTBASE.DLL
1744
API Call
API Name: GetSystemDirectoryW Address: 0x6a3a172b
Params: [0x2be954, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
File
Failed
C:\Windows\Globalization\EN-US.NLP
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PROPSYS.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\VS70UIMGR.DLL
1744
API Call
API Name: GetSystemDirectoryW Address: 0x73e256d4
Params: [0x2bdaa8, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: GetSystemDirectoryW Address: 0x73e256d4
Params: [0x2bda70, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
File
Failed
C:\Users\admin\AppData\Local\Microsoft\Windows\Caches
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\NTMARTA.DLL
1744
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70aaa
Params: [NULL, \\?\Volume{2448f764-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: GetTokenInformation Address: 0x75f70172
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: advapi32.dll
1744
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70aaa
Params: [NULL, \\?\Volume{2448f764-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70aaa
Params: [NULL, \\?\Volume{2448f764-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
9 Repeated items skipped
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70e20
Params: [NULL, \\?\Volume{2448f767-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70e20
Params: [NULL, \\?\Volume{2448f763-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70e20
Params: [NULL, \\?\Volume{2448f764-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: GetTokenInformation Address: 0x755b5c62
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: advapi32.dll
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SECUR32.DLL
1744
Mutex
\Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
1744
Regkey
Deleteval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
1744
Regkey
Deleteval
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
1744
Regkey
Deleteval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
1744
Regkey
Deleteval
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
1744
Regkey
Setval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
1744
Regkey
Setval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
1744
Mutex
\Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
1744
Regkey
Deleteval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
1744
Regkey
Deleteval
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
1744
Regkey
Deleteval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
1744
Regkey
Deleteval
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
1744
Regkey
Setval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
1744
Regkey
Setval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
1744
Folder
Open
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\API-MS-WIN-DOWNLEVEL-ADVAPI32-L2-1-0.DLL
1744
Process
Started
C:\Users\admin\AppData\Local\Temp\setup.exe
Parentname: C:\Users\admin\AppData\Local\Temp\setup.exe
Command Line: "C:\Users\admin\AppData\Local\Temp\setup.exe" runas
MD5: 580db15a4fba1fe58498185d8dea3687
SHA1: 8d85839dcedfabe4d2cb47011a6327979b34f3b9
3956 1744 3433984
File
Failed
C:\Users\admin\AppData\Local\Temp\UI\SWDRM.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MANUALS\2000TBOX\2000.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\AOLTECH\MODEMS.SIM
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\INTELNT\ARCSERVE.IT\ASCORE.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\ARMEDANDDANGEROUS.EXE
1744
File
Failed
C:\Users\admin\AppData\CUPPA.ICO
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\LOTUS\APPROACH\APPROACH.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SUPPORT\DOTNETFX\DOTNETFX.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ATTUNE\BIN\ATTUNE.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\BKOFFICE\I386\MSOADMIN.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\BOCLIENT\SETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\BKOFFICE\I386\BOSRES.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\TOOLS\MSOSCHMA.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\HANDBUCH\AVK INTERNETSECURITY 2006.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\LDATA\GRAMROCK.WAV
1744
File
Failed
C:\Users\admin\AppData\HANDBUCH\AVK INTERNETSECURITY 2006.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\NUMBERS\NUMBERS.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\NUMBDATA\NUMBERS.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\INSTALL\DATA\SDREADME.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\RESOURCE\CHOICE1.PRD
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\I386\_SETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SFILES\FAC32.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\INSTALL\SETUP32.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PROGRAM FILES\ASPYR\WAKEBOARDING UNLEASHED\START.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SFILES\TFF32.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\QUICKEN\CUSTOM\QUICKOFF.INI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DOCUMENTATION\PN6README.DOC
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\RESOURCES\MYOBODBC\IKERNEL.EX_
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MDAC\2.51.5303.5\MDAC_TYP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DOCUMENTATION\PFSV401.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\HELP\BB2001.HLP
1744
File
Failed
C:\Users\admin\AppData\Local\INSTALL\DATA\BZHW8.ZFS
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\GAME\DRIVERDB.BIN
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\_AUTORUN\SUPPORT\SUPPORT.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\AUTORUN\AUTOPLAY.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PROGRAM FILES\MICROSOFT BIZTALK SERVER\SETUP\BTSSETUPDB.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MERGEGAL\MERGEGAL.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SFILES\LETTERBUGS
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\CATALOG\CHILDREN\LANDBEFORETIME\LBTLRGLOGO.GIF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\BP4\SETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\CTP.ICO
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\CDCREATR\CREATR32.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\EXE\CONFIG.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DOCUMENTATION\DNMU.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\CHARLIE.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MYCHECKBOOK\MYSOFT.INI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PROGRAM FILES\CLARIFY\CLARIFY.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SOUNDS\SOUNDS.CC2
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\SOFTBALL.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\COMANDOS\VIDEO\H_AFRI.AVI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\EXE\CFS3.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\REDISTRIB\ADVSECMIG\MIGRATION\CFML.EXE
1744
File
Failed
C:\Windows\System32\inetsrv\W3WP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\ARENA1.ATD
1744
File
Failed
C:\Users\admin\AppData\Local\DXGUARD\DXG32.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\INSTALL.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\INSTMENU.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP\DINO\HD\DINO.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ENGSETUP\ENGSETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\MENU1.DAH
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MANUAL\EASYUN~1.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\FS98\FLTSIM95.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\HEAVY GEAR 2.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\DATA\BIKES.DAT
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\WW2001\WWSETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\TEMPWE\WINEYES.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\TMPWEPRO\GWM32.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\WINEYES\TMPWEPRO\WINEYES.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\_SETUP\HH2003.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\_SETUP\HH2004.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\_AUTORUN\AUTORUN.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\WIN98N\W98SETUP.BIN
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\WIN98\W98SETUP.BIN
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\CEPB\BIN\CEMGR.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\GROUND CONTROL\GRAPHICS.SDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\HALLMARK CARD STUDIO 2005\PROGRAM FILES\SIERRA\HALLMARK CARD STUDIO 2005\HALLMARK CARD STUDIO.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\GUARDDOG\SETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\IGD\IGD.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DRIVERS\DUALA.VXD
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\OUTLOUD\TTSCLEAN.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\WHAT'S_NEW_IN_HOMESITE_45\WHATSNEWHS45.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP\HOT2000\DATA\GAME\BEACHHI.PLZ
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\301\INSTALL\AVWSNTJA.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\300\INSTALL\AVWSNTEA.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SUPPORT\IMAGES\KEF4.ICO
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\GLOBAL\WSS.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\INSTALLER.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DRAGON\DNSCOMPATIBILITY.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\WP4INET\HELP\ABOUT.HTM
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\WP5.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PVR\PVR45XXX.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MANUAL\WINTVMAN_ENG.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\D6RUN\BALLBMO.BMP
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DIAGNOSTICS\LANGMASTERDOCTOR.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\COREL\PROGRAMS\WPWIN9.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ENGLISH\WIN95\OEMUSB.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\TEACHER.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\LLW32\LLW.1
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\LLW32\LLWSETUP.INI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DVC325\DATA.TAG
1744
File
Failed
C:\Users\admin\AppData\LAPLINK.ICO
1744
File
Failed
C:\Users\admin\AppData\Local\TOOLS\MAKEDISK.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\WELCOME.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\GAME\WWS98.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\SETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS FOR WORKSTATION 5\FSSYNC.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP\DATA1.CAB
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\GAME\LILOPC.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\VISTA\SETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ABBYY LINGVO 11\LVINSTALL.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\FISHIN\FISHIN.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DRIVERS\BIN\CAMWIZARD.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\MENU1.DAP
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\MENU6.DAL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\WIN95\CXCAP.DRV
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\CAMWARE\CAMWARE.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\QUICKCAM\CAMWARE.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\QUICKCAM\QUICKCAM.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\QUICKCAM\TEMP\LVIHLP.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\QCDRIVER\QCINSENU.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DATA\ZOO.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\FILES\ZT.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\ZX7SETUP\RELNOTES.TXT
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\LANGS\ZTRES.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\AILOGO.ICO
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ZX7SETUP\RELNOTES.TXT
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ED5_WIN\ED5_WIN.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MSBRAIN\MSBRAIN.EX_
1744
File
Failed
C:\Users\admin\AppData\Local\MANUALS\UNINSTAL\UI_51.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MANUALS\UI\UI_51.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MPFPLUSH\MPFPLUSSETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\MFSETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\CORE\DEF\WCESCOMM.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\INSTALL\MGXFMA.Z
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\COMMON\DYNAMICS NAV\APPLICATION HANDLER\NSAPPHANDLER.DLL
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH8.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH8B.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH9.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH9B.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH9C.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH9D.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH9E.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH9F.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH10.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH10A.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH10B.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH10C.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH10D.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH10E.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH10F.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH11.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH11A.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH11B.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH11C.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH11D.OCX
1744
File
Failed
C:\Windows\System32\Macromed\Flash\FLASH11E.OCX
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\X86\SETUP\SQL_RS.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\XBOX360\SETUP\FILES\XBOXSTAT.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MSN\MSNCORE.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MYDVD_613\MYDVD.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\FONTS\DATA1.HDR
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\NBA98\B0_00.VCT
1744
File
Failed
C:\Users\admin\AppData\Local\TEXTURES\R-LUNA.UTX
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\NEROMIX\API\WNASPI32.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DOCUMENTATION\APPMANAGER RESPONSE TIME\AM_AD-RT.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\DOCUMENTATION\APPMANAGER RESPONSE TIME\AM_AD-RT.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ACTIVEKNOWLEDGE MODULES\NETIQ OPERATIONS MANAGER AND SECURITY MANAGER.AKM
1744
File
Failed
C:\Users\admin\AppData\Local\DATA5.CAB
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SEVINST\SEVINST.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\NCDSTART.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\NCGSTART.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\GHOSTPE\GHOST\GHOSTPE.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MANUAL\PEACHTREE OFFICE ACCOUNTING USER'S GUIDE.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\PRESS\PC6_MANUAL PARTITIONING.PCX
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\CD\XSERVER LIB
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PACKAGER\SYMANTEC PACKAGER.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PACKAGES\SYMANTEC PCANYWHERE - AUTOSTART HOST.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PACKAGES\SYMANTEC PCANYWHERE - AUTOSTART-HOST.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PEACHW\PEACH.ICO
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\INSTALLS\PCANYWHERE\PCA32\CD\DISK1\ISCUSTOM.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PIP2001\PIP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PIPOMATE\PIPOMA.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PMAP40\PMAP.BMP
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP\PRINCESS FASHION\CD\BUCKET.CUR
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\CUSTOM\CUSTOM_COWBOY.PSD
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DOCS\PFM WORKSTATION INSTALL.DOC
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\BACKUP\PREMIUM PLUS.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\QUICKBOOKS LETTERS\EMPLOYEE LETTERS\SICK TIME.DOC
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ALPHA BUILD 1272A\OLD\VTEST60.DLL\VTEST60.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\RUNTIME\RUNTIME.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\OBJECTS\BOATS\BOAT11.3DF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ENGLISH\DUAL-OPTION_USERMANUAL.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ROBOWORD\ROBOWORD.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\FIREWALL\TVDRIVERSETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\FIREWALL\FWINSTALL.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\FILES\SHOWCPYR\VERSION.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\BIN\RSL.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SERVERCONTROL\SCSETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\NORMAN\NPF142R3_ENG.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\EXTERNAL\JP\SD-JUKEBOXV6.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP\CREATING KEEPSAKES SCRAPBOOK DESIGNER.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\AMERICAN\AMERICAN.TXT
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\TRACKS\BATFLYER.TD4
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SCENARIOS\SIX FLAGS MAGIC MOUNTAIN.SC6
1744
File
Failed
C:\Users\admin\AppData\Local\ROBOWORD\ROBOWORD.EXE
1744
File
Failed
C:\Users\READ1ST.TXT
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DISK01NT\REACHOUT.PRM
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SPS\SPS.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SHAREPOINT PORTAL SERVER\BIN\MOVESPSDMFILES.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\_AUTORUN\SU.ICO
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ED1_WIN\ED1_WIN.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DISK1\REACHOUT.1
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\RTL8187B\VISTAX86\RTL8187B.SYS
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\BACKUP\FILE BACKUP.EXE
1744
File
Failed
C:\Windows\System32\MSJAVA.DLL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PC\AMMO\GRENADE\AMMO.QVM
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SAMPLES\INTERNAT SIGMAPLOT MACRO LIBRARY.JNB
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\I386\WSPCPL32.CPL
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\NEWSFLASH\NEWSFLSH.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ANIM\BULLAKD\PBRBULLA.VOL
1744
File
Failed
C:\Users\admin\AppData\Local\BIN\DBUTIL.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\PROGRAMS\PWFAXMGR.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\ESAS\ESASSETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\DOCS\SS_SECURITY_AASG.HTM
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\MSSDETECT\IIS_SRV.INF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP\PRINTMASTER 16.PDF
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP\THE PRINT SHOP 20.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP\THE PRINT SHOP 22.MSI
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\POWERBUILDER7\SETUP.INI
1744
File
Failed
C:\Users\admin\AppData\Local\SV4SETUP.EXE
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\INSTALLS\UTILITY\DISKGEN.EXE
1744
Process
Duplicate Opened
Target: C:\Users\admin\AppData\Local\Temp\setup.exe Source: C:\Users\admin\AppData\Local\Temp\setup.exe
3956
1744
1744
1744
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [4294967295, 0]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [20, 0]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [20, 0]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
File
Failed
C:\Users\admin\AppData\Local\Temp\SSPICLI.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\UXTHEME.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\WINMM.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\SAMCLI.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\MSACM32.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\VERSION.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\SFC.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\SFC_OS.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\USERENV.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\PROFAPI.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\DWMAPI.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\MPR.DLL
3956
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [20, 0]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: Sleep Address: 0x76e3d98d
Params: [60000]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [20, 0]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
1744
Regkey
Queryvalue
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
3956
API Call
API Name: GetSystemDirectoryW Address: 0x653a1e6b
Params: [0x2af294, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
File
Failed
C:\Windows\System32\MSCOREE.DLL.LOCAL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP.EXE.CONFIG
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\SETUP.EXE.LOCAL
3956
File
Failed
C:\Users\admin
3956
File
Failed
C:\Users\admin\AppData\Roaming
3956
File
Failed
C:\Users\admin\AppData\Roaming\Microsoft\CLR SECURITY CONFIG\V2.0.50727.312\SECURITY.CONFIG
3956
File
Failed
C:\Users\admin\AppData\Roaming\Microsoft\CLR SECURITY CONFIG\V2.0.50727.312\SECURITY.CONFIG.CCH
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\CRYPTBASE.DLL
3956
API Call
API Name: GetSystemDirectoryW Address: 0x6a3a172b
Params: [0x2ae984, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
File
Failed
C:\Windows\Globalization\EN-US.NLP
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\EN-US\DTQRFG.RESOURCES.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\EN-US\DTQRFG.RESOURCES\DTQRFG.RESOURCES.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\EN-US\DTQRFG.RESOURCES.EXE
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\EN-US\DTQRFG.RESOURCES\DTQRFG.RESOURCES.EXE
3956
API Call
API Name: GetSystemDirectoryW Address: 0x002ba110
Params: [0x4e2770, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
API Call
API Name: GetSystemDirectoryW Address: 0x73e256d4
Params: [0x2ada88, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
API Call
API Name: GetSystemDirectoryW Address: 0x73e256d4
Params: [0x2ada50, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
API Call
API Name: GetTokenInformation Address: 0x755b5c62
Params: [0x2d4, 0x19]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: advapi32.dll
3956
API Call
API Name: GetTokenInformation Address: 0x755b5c9d
Params: [0x2d4, 0x19]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: advapi32.dll
3956
API Call
API Name: GetTokenInformation Address: 0x755b5c62
Params: [0x2d4, 0x19]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: advapi32.dll
3956
API Call
API Name: GetTokenInformation Address: 0x755b5c9d
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: advapi32.dll
3956
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70aaa
Params: [NULL, \\?\Volume{2448f764-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
File
Failed
C:\Windows\Globalization\EN.NLP
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\EN\DTQRFG.RESOURCES.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\EN\DTQRFG.RESOURCES\DTQRFG.RESOURCES.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\EN\DTQRFG.RESOURCES.EXE
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\EN\DTQRFG.RESOURCES\DTQRFG.RESOURCES.EXE
3956
Process
Terminated
C:\Users\admin\AppData\Local\Temp\setup.exe
Parentname: C:\Windows\System32\cmd.exe
Command Line: N/A
1744 1456
File
Failed
C:\Users\admin\AppData\Local\Temp\PROPSYS.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\VS70UIMGR.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft\Windows\Caches
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\NTMARTA.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\SECUR32.DLL
3956
Mutex
\Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
3956
Regkey
Deleteval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
3956
Regkey
Deleteval
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
3956
Regkey
Deleteval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
3956
Regkey
Deleteval
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
3956
Regkey
Setval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
3956
Regkey
Setval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
3956
Mutex
\Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
3956
Regkey
Deleteval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
3956
Regkey
Deleteval
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"ProxyBypass"
3956
Regkey
Deleteval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
3956
Regkey
Deleteval
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"IntranetName"
3956
Regkey
Setval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = 0x00000000
3956
Regkey
Setval
\REGISTRY\USER\S-1-5-21-344981575-398944299-1130229096-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = 0x00000001
3956
Folder
Open
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies
3956
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [120000, 1]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
Process
Started
C:\Windows\System32\cmd.exe
Parentname: C:\Users\admin\AppData\Local\Temp\setup.exe
Command Line: "C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\data-8.bin"
MD5: ad7b9c14083b52bc532fba5948342b98
SHA1: ee8cbf12d87c4d388f09b4f69bed2e91682920b5
4024 3956 302592
File
Failed
C:\Windows\System32\UI\SWDRM.DLL
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\UI\SWDRM.DLL
3956
Process
Duplicate Opened
Target: C:\Windows\System32\cmd.exe Source: C:\Users\admin\AppData\Local\Temp\setup.exe
4024
3956
3956
3956
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70e20
Params: [NULL, \\?\Volume{2448f767-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70e20
Params: [NULL, \\?\Volume{2448f763-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
API Call
API Name: GetVolumeNameForVolumeMountPointW Address: 0x75f70e20
Params: [NULL, \\?\Volume{2448f764-31ef-11e1-af3d-806e6f6e6963}\]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\SHFOLDER.DLL
3956
Regkey
Queryvalue
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
4024
File
Failed
C:\Users\admin\AppData\Roaming\Adobe\REVERSED
3956
File
Failed
C:\Users\admin\AppData\Roaming\Apple Computer\REVERSED
3956
Process
Terminated
C:\Windows\System32\cmd.exe
Parentname: C:\Users\admin\AppData\Local\Temp\setup.exe
Command Line: N/A
4024 3956
File
Failed
C:\Users\admin\AppData\Roaming\FileZilla\REVERSED
3956
File
Failed
C:\Users\admin\AppData\Roaming\Identities\REVERSED
3956
File
Failed
C:\Users\admin\AppData\Roaming\Media Center Programs\REVERSED
3956
File
Failed
C:\Users\admin\AppData\Roaming\Microsoft\REVERSED
3956
File
Failed
C:\Users\admin\AppData\Roaming\Mozilla\REVERSED
3956
File
Failed
C:\Users\admin\AppData\Roaming\Opera\REVERSED
3956
File
Failed
C:\Users\admin\AppData\Roaming\vlc\REVERSED
3956
File
Failed
C:\Users\admin\AppData\Roaming\Adobe\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Roaming\Apple Computer\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Roaming\FileZilla\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Roaming\Identities\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Roaming\Media Center Programs\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Roaming\Microsoft\CODEXI
3956
Uac
Service
Windows Time
File
Failed
C:\Users\admin\AppData\Roaming\Mozilla\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Roaming\Opera\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Roaming\vlc\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Adobe\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Apple Computer\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Google\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft\Windows\History\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft Help\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Mozilla\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Local\VirtualStore\CODEXI
3956
File
Failed
C:\Users\admin\Documents\mVcWKS-hK\CODEXI
3956
File
Failed
C:\Users\admin\Music\CODEXI
3956
File
Failed
C:\Users\admin\Pictures\CODEXI
3956
File
Failed
C:\Users\admin\Videos\CODEXI
3956
File
Failed
C:\Users\admin\Documents\Outlook Files\CODEXI
3956
File
Failed
C:\Users\admin\AppData\Roaming\Adobe\CACHES
3956
File
Failed
C:\Users\admin\AppData\Roaming\Apple Computer\CACHES
3956
File
Failed
C:\Users\admin\AppData\Roaming\FileZilla\CACHES
3956
File
Failed
C:\Users\admin\AppData\Roaming\Identities\CACHES
3956
File
Failed
C:\Users\admin\AppData\Roaming\Media Center Programs\CACHES
3956
File
Failed
C:\Users\admin\AppData\Roaming\Microsoft\CACHES
3956
File
Failed
C:\Users\admin\AppData\Roaming\Mozilla\CACHES
3956
File
Failed
C:\Users\admin\AppData\Roaming\Opera\CACHES
3956
File
Failed
C:\Users\admin\AppData\Roaming\vlc\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Adobe\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Apple Computer\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Google\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft\Windows\History\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft Help\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Mozilla\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Temp\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\CACHES
3956
File
Failed
C:\Users\admin\AppData\Local\VirtualStore\CACHES
3956
File
Failed
C:\Users\admin\Documents\mVcWKS-hK\CACHES
3956
File
Failed
C:\Users\admin\Music\CACHES
3956
File
Failed
C:\Users\admin\Pictures\CACHES
3956
File
Failed
C:\Users\admin\Videos\CACHES
3956
File
Failed
C:\Users\admin\Documents\Outlook Files\CACHES
3956
Folder
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches
3956
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\steam.comp
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\steam.comp
MD5: b6efe641bb70fadb5f52de71483f8d19
SHA1: 07e2e7cd313dda1102aeef2d1fc9d132c8ced33a
3956 3221456
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\aes_helper.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\aes_helper.cl
MD5: 001140c7d6d49b8a216e688ef708a394
SHA1: dbf533b7816f78f8415cd84bd94072a259bf0dfb
3956 23468
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\alexkarnew.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\alexkarnew.cl
MD5: 3132fae9b8b0c2cb28658035d7d729e6
SHA1: bfcd9125b34d86cff688919fd340b69fc84c1ec9
3956 23052
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\alexkarold.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\alexkarold.cl
MD5: 04d3d668ca7023717e6f6be187e98c7d
SHA1: 9e6371d9e0ce1f5cee20b4225deefe9f9632fa6a
3956 22970
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\animecoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\animecoin.cl
MD5: c20f3d6b4190d0a83d68154c40f85ed0
SHA1: 474e473044fd2db5cf945e361336344eb2b5dc72
3956 20152
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\blake.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\blake.cl
MD5: 692222c8308235f5e6c0b6a6c5b6744b
SHA1: ab3c7d76e3a8dc150c4103f86a2be4ac5fe9e735
3956 8448
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\bmw.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\bmw.cl
MD5: 489742caa65d269e55add2429daddbd9
SHA1: 2699aaeb04df1d46b81e1996f4c6cfe776bbe6cc
3956 16052
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\ckolivas.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\ckolivas.cl
MD5: 65c974e6e9ec5a67d14a72c7f77065f0
SHA1: 82a43d81b6bfbf7ea1880b4565eb2cd9ba7014cb
3956 22968
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\cubehash.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\cubehash.cl
MD5: a7eb51aa6b498e6b2865d376e3778695
SHA1: 5108e1615294745fd6fae17dc11596ddb28947f1
3956 7879
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\darkcoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\darkcoin.cl
MD5: aefd180fd5b1dd68ffb21dfb23a6d6fc
SHA1: 1231e3d93efdb37671f2f21e39fad42fbca24f41
3956 23129
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\echo.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\echo.cl
MD5: 49ddd95858afb80e34544f9b424ca078
SHA1: c212bfb773675b3fcd749164658130e31f065834
3956 5087
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\fugue.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\fugue.cl
MD5: 4315d4af0d684122409da042a3e809dc
SHA1: 986859aaa027d6d57ce3c7a993ddd92319559bc8
3956 33649
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\fuguecoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\fuguecoin.cl
MD5: ce74bb5fc0529d1b900980f959f59c40
SHA1: 8307c82ef64b780f3383f9328c0c81a076e2c028
3956 6849
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\groestl.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\groestl.cl
MD5: b7c9ee517d0a34a344c5142d7909f265
SHA1: a77fb1eb49d920b1d1a0940ac11f64c482ad0769
3956 66145
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\groestlcoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\groestlcoin.cl
MD5: 0909f02aefcb0bacecc8afc72891c3da
SHA1: 261797cb215c314c67af1c93f734a68823fe5a27
3956 7580
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\hamsi.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\hamsi.cl
MD5: da1f7ddfb3eb04d6508a7ad5a3e97f97
SHA1: 11dd64bade5b21a753f5ec614823d75dc1b6137b
3956 14640
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\hamsi_helper.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\hamsi_helper.cl
MD5: 61bd9a10bbbaeacce3fb8392803a764d
SHA1: 6cd8c82223c3084aaa1f2bf46755cd49fc5d1e56
3956 2222839
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\inkcoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\inkcoin.cl
MD5: 90ca1fdf6f3d47fa54c143a5fa227ca7
SHA1: 565a10ce1ccee594b90c3df00dab5cbbd4e3ee59
3956 7490
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\jh.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\jh.cl
MD5: 0aae1bed8c8dec37cdfb7b9561b8c8df
SHA1: a1af698277c421147e8335c60c0bfb05a2f97844
3956 11051
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\keccak.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\keccak.cl
MD5: 28256e420b78aae5f6d834cd46051e84
SHA1: dff60ea67237f3ed7a0ae682d3c60b8f8b97c197
3956 20037
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\libcurl.dll
3956
Malicious Alert
Malicious Directory
Message: Executable file created in suspicious location Detail: Process creating executable file in suspicious location
Malicious Alert
Misc Anom
Message: Generic Trojan Behavior Detail: Generic Trojan Behavior
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\libcurl.dll
MD5: 6616f188d2757037f3c0df5099549dd3
SHA1: 2a5018f7c4f89ccd3de6da03576e5581af311d84
3956 640000
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\libeay32.dll
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\libeay32.dll
MD5: 41fcf7cf7aeea0b7280dcbce914d4bcb
SHA1: 63d67a5b769774de2057e346b4dde9edf4d2c2d4
3956 1707520
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\libgcc_s_dw2-1.dll
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\libgcc_s_dw2-1.dll
MD5: 000abdf5d3e31514801b44b954e1cf91
SHA1: 89ebff9d7806e8550adde0ce111733909a205a5d
3956 118784
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\libidn-11.dll
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\libidn-11.dll
MD5: 56295c7afe3f0542d59d12ca955380db
SHA1: a076c754e77185f8c107b27b13d2307ccc981acf
3956 279955
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\luffa.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\luffa.cl
MD5: 1f98199f5ddb8484ff13cae68e3562b8
SHA1: 0099c882374dbdb76036feb3c90b8e66623cde2b
3956 13722
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\marucoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\marucoin.cl
MD5: dc2f13d0b4ba9b1b8884c97e66497ed6
SHA1: bf0cdcafd1861853d34368053139c69b877af87a
3956 27233
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\mdm
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\mdm
MD5: c6887ec99b5e8b2edf5bb6b6548d8b35
SHA1: ce1ebcfdfc96ae6b56f7318c5e32e891ebb16a5b
3956 1433189
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\myriadcoin-groestl.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\myriadcoin-groestl.cl
MD5: 7d374d21b1a308a3b7397cdfe81d333e
SHA1: 6b136bf35d7cea8ad4c6268bd651837b4d94dd4f
3956 15533
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\panama.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\panama.cl
MD5: d3660b01e6cb1c6b6afc4a40a5b9ce1f
SHA1: d8e2761dbac5beccff4f7e868cae506e1e2378cd
3956 4290
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\psw.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\psw.cl
MD5: d57e59838317a16bdb48b0299807ac24
SHA1: 11284fe772aede509c1077fa1591f3cb6c768d65
3956 21092
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\pthreadGC2.dll
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\pthreadGC2.dll
MD5: ac05fbba61f939cd90133032f2595c69
SHA1: ce3d3811457176dbefb06f5a395505eef8b2a641
3956 94300
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\quarkcoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\quarkcoin.cl
MD5: 9ea9e5e3cbd8e58855eed19906a5ce43
SHA1: e1ed1047fd94472b0609799c3300fb716ed6343e
3956 20080
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\qubitcoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\qubitcoin.cl
MD5: 5b4b7e66d3dad9f6b8dfa44e1eaf75b6
SHA1: 59b458f852ce8180701d01acab6bd7c46819f2d7
3956 15649
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\shavite.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\shavite.cl
MD5: 54f5af7dfa0ac213a1fe1f71e38f3501
SHA1: c5a657c731b6498d978aa5501bbfb105d79bd152
3956 20642
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\sifcoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\sifcoin.cl
MD5: 9fba513fb0921b94dd63450e3fda9489
SHA1: 30ad905a74b73a633b6ac095efa6df86900885b6
3956 10768
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\simd.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\simd.cl
MD5: 71c405afa89bcb0f10848a17a07e0ceb
SHA1: 07dc4ecb1b50bd3ad54ec894dbdb46a27b6dd773
3956 55379
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\skein.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\skein.cl
MD5: d5fe54ae25008aeaec47633efe13aad5
SHA1: d8e8b67458bf9b21ef2b36a636a047862beb372b
3956 8501
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\ssleay32.dll
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\ssleay32.dll
MD5: 23d502041c9fd43337933d44bca90e12
SHA1: 3b2b29914a26b6d3b819c0fbfdb1d31be353603c
3956 368640
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\twecoin.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\twecoin.cl
MD5: bbfbacabddd6c1ccb8172a5695ff74b4
SHA1: 28cac8b2355da04dd459ad388f6becc6e1ed57af
3956 12349
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\x11mod.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\x11mod.cl
MD5: 277c9ce8a5898c21525b0a5bba0de333
SHA1: 645641302a95ebb6d8461c96e21e4f0d5be7d263
3956 27978
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\x13mod.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\x13mod.cl
MD5: 9c089eb1b14799200c868266595d4fb0
SHA1: 4cc01b96d5610dac0b410aef3905a5eab3f2521a
3956 37121
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\zlib1.dll
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\zlib1.dll
MD5: e4d7dd0a413519b21621ccb7d1d78fa4
SHA1: b2300402703433109cee85fd9f70e81bf867c319
3956 113166
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\zuikkis.cl
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\zuikkis.cl
MD5: d991430d3e2d0a918bd21c2c12fcfa4a
SHA1: cb26c1437b5396e04f6e34fdc58cd962adc1e006
3956 22487
File
Created
C:\Users\admin\AppData\Roaming\Adobe\Caches\config.xml
3956
File
Close
C:\Users\admin\AppData\Roaming\Adobe\Caches\config.xml
MD5: d001c3e79c8b3d166b2e727803ace42b
SHA1: 9de3435e3d68ba3a9852b8dbb6d6116d3399136a
3956 3164
API Call
API Name: GetSystemDirectoryW Address: 0x002ba110
Params: [0x4e2770, 260]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
Process
Started
C:\Windows\System32\schtasks.exe
Parentname: C:\Users\admin\AppData\Local\Temp\setup.exe
Command Line: "C:\Windows\system32\schtasks.exe" /create /tn "MdmUpdateTaskMachineCore" /f /xml "C:\Users\admin\AppData\Roaming\Adobe\Caches\config.xml"
MD5: 2003e9b15e1c502b146dad2e383ac1e3
SHA1: 8a7e8b05a122b768ab85466b2a3daf7a358f90f4
2060 3956 179712
Process
Duplicate Opened
Target: C:\Windows\System32\schtasks.exe Source: C:\Users\admin\AppData\Local\Temp\setup.exe
2060
3956
3956
3956
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [4294967295, 0]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
File
Failed
C:\Users\admin\AppData\Roaming\Microsoft\CLR SECURITY CONFIG\V2.0.50727.312\SECURITY.CONFIG.CCH.3956.203737
3956
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [20, 0]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
API Call
API Name: SleepEx Address: 0x6a2dd7c0
Params: [20, 0]
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe DLL Name: kernel32.dll
3956
9 Repeated items skipped
Process
Terminated
C:\Users\admin\AppData\Local\Temp\setup.exe
Parentname: C:\Users\admin\AppData\Local\Temp\setup.exe
Command Line: N/A
3956 1744
High Cpu
Imagepath: C:\Users\admin\AppData\Local\Temp\setup.exe
1744
Regkey
Queryvalue
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName\"ComputerName"
2060
2 Repeated items skipped
Process
Terminated
C:\Windows\System32\schtasks.exe
Parentname: C:\Users\admin\AppData\Local\Temp\setup.exe
Command Line: N/A
2060 3956
Additional Information:
Tool Name and Version Tool Output
Name: fesigcheck
Version: 0.9
Tool Output:
Authenticode Signature
Unsigned binary
Name: fe_peinfo
Version: 0.9
Tool Output:
PE file info
[[ Basic Info ]]
EntryPoint Address : 0x31a3e2
Image Base : 0x400000
TimeStamp : 0x552e970f ( Wed Apr 15 18:51:27 2015 )
MachineType : 0x14c
[[ File Info]]
No File Info present.
[[ 3 Section(s) ]]
Name vrtaddr vrtsize rawsize md5 sha1
.text 0x00002000 0x003183E8 0x00318400 d0be0ca81d33ac5c071dd2aea0cd3bd3 fa7cdd5bceddd79ae606f93689ee9eaa5df41f11
.reloc 0x0031C000 0x0000000C 0x00000200 f4e5304381ee9c8654c71f4622673000 98fac4c60834721d99f5ef1b4a02c776ba690cc0
.rsrc 0x0031E000 0x0002DCD4 0x0002DE00 dffe9893f10cf1ff3c3e83bba9472cbb 69d86686d2f45ef63cc239afa903094b9e8e24b2
[[ 1 Import(s) ]]
mscoree.dll
0x402000 _CorExeMain
Name: exiftool
Version: 8.50
Tool Output:
ExifTool Version Number : 9.27
File Name : 495.malware
Directory : /data/malware/done
File Size : 3.3 MB
File Modification Date/Time : 2015:04:16 22:25:20+02:00
File Access Date/Time : 2015:04:16 22:25:20+02:00
File Inode Change Date/Time : 2015:04:16 22:30:31+02:00
File Permissions : rw-r--r--
File Type : Win32 EXE
MIME Type : application/octet-stream
Machine Type : Intel 386 or later, and compatibles
Time Stamp : 2015:04:15 18:51:27+02:00
PE Type : PE32
Linker Version : 6.0
Code Size : 3245056
Initialized Data Size : 3432960
Uninitialized Data Size : 0
Entry Point : 0x31a3e2
OS Version : 4.0
Image Version : 0.0
Subsystem Version : 4.0
Subsystem : Windows GUI
File Version Number : 1.0.0.0
Product Version Number : 1.0.0.0
File Flags Mask : 0x003f
File Flags : (none)
File OS : Win32
Object File Type : Executable application
File Subtype : 0
Language Code : Neutral
Character Set : Unicode
Comments : Install/Uninstall
File Description : Install/Uninstall
File Version : 1.0.0.0
Internal Name : MdMProject.exe
Legal Copyright : Copyright © 2015
Original Filename : MdMProject.exe
Product Version : 1.0.0.0
Assembly Version : 1.0.0.0