8holJWXFZe.exe

Status: finished
Submission Time: 2024-02-21 10:02:03 +01:00
Malicious
Spreader
Trojan
Spyware
Exploiter
Evader
Glupteba, LummaC Stealer, SmokeLoader, S

Tags

  • exe
  • Socks5Systemz

Details

  • Analysis ID: 1395964
  • API (Web) ID: 1395964
  • Original Filename: 1e5213a9ba12bdd61fe9b725189397a9.exe
  • Analysis Started: 2024-02-21 10:02:04 +01:00
  • Analysis Finished: 2024-02-21 10:20:08 +01:00
  • MD5: 1e5213a9ba12bdd61fe9b725189397a9
  • SHA1: 2a30c244ad788b987bada2f441c1eecc034f49fc
  • SHA256: d9e9ad2e1129ea6aa884668a13f6e3b73b7cedaa7fec69a38c4e683bea546879
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
malicious
Score: 100
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 30/70
malicious
Score: 23/24
malicious

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection