Windows Analysis Report
SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe

Overview

General Information

Sample name: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe
Analysis ID: 1446065
MD5: 16a4db609ad33cd94252d33d78869a04
SHA1: d88a9cc5dd7a854285ed250ca6ac52c4c07ae6c1
SHA256: 724c40dfc48366316f40ea0dc22d36157035ee3251f404bbc1d26154bed79820
Tags: exe

Detection

Score: 13
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Writes many files with high entropy
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains executable resources (Code or Archives)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49762 version: TLS 1.0
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.85.159:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.85.159:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49761 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49764 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: Joe Sandbox View IP Address: 104.17.24.14
Source: Joe Sandbox View IP Address: 104.16.224.240
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.85.159
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ecVzAeCZcyNtxd7&MD=3tn7nXmP HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /?utm_source=VolleyballFight&utm_medium=downloadable_install HTTP/1.1Host: www.myrealgames.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pcgame-install.html?utm_source=VolleyballFight&utm_medium=downloadable_install HTTP/1.1Host: www.myrealgames.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: advanced-frontend=8qq1qtioqmrkk9cur7oee6742u; language=15af67f83680948286da3cb55663b251cb50276c822e642a97830bbae51f1447a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22language%22%3Bi%3A1%3Bs%3A2%3A%22en%22%3B%7D
Source: global traffic HTTP traffic detected: GET /images/flags/fr.gif HTTP/1.1Host: www.myrealgames.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.myrealgames.com/pcgame-install.html?utm_source=VolleyballFight&utm_medium=downloadable_installAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: advanced-frontend=8qq1qtioqmrkk9cur7oee6742u; language=15af67f83680948286da3cb55663b251cb50276c822e642a97830bbae51f1447a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22language%22%3Bi%3A1%3Bs%3A2%3A%22en%22%3B%7D; _csrf-frontend=f1443ef741138644c1dc0ba74598a6f7489b646f9da166141161e03255e79feba%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22Jefw_PRHo360cmpsYfrFV_TMOzEvX3JR%22%3B%7D
Source: global traffic HTTP traffic detected: GET /images/flags/ru.gif HTTP/1.1Host: www.myrealgames.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.myrealgames.com/pcgame-install.html?utm_source=VolleyballFight&utm_medium=downloadable_installAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: advanced-frontend=8qq1qtioqmrkk9cur7oee6742u; language=15af67f83680948286da3cb55663b251cb50276c822e642a97830bbae51f1447a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22language%22%3Bi%3A1%3Bs%3A2%3A%22en%22%3B%7D; _csrf-frontend=f1443ef741138644c1dc0ba74598a6f7489b646f9da166141161e03255e79feba%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22Jefw_PRHo360cmpsYfrFV_TMOzEvX3JR%22%3B%7D
Source: global traffic HTTP traffic detected: GET /minify/76ed5da15d06d5fb97dde5b6ace0430b2b443b2a.css HTTP/1.1Host: cdn.myrealgames.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.myrealgames.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /minify/38f176f009d31d679ce5017dd72c4b1d68ebdb1c.js HTTP/1.1Host: cdn.myrealgames.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.myrealgames.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/flags/fr.gif HTTP/1.1Host: www.myrealgames.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: advanced-frontend=8qq1qtioqmrkk9cur7oee6742u; language=15af67f83680948286da3cb55663b251cb50276c822e642a97830bbae51f1447a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22language%22%3Bi%3A1%3Bs%3A2%3A%22en%22%3B%7D; _csrf-frontend=f1443ef741138644c1dc0ba74598a6f7489b646f9da166141161e03255e79feba%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22Jefw_PRHo360cmpsYfrFV_TMOzEvX3JR%22%3B%7D
Source: global traffic HTTP traffic detected: GET /images/flags/ru.gif HTTP/1.1Host: www.myrealgames.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: advanced-frontend=8qq1qtioqmrkk9cur7oee6742u; language=15af67f83680948286da3cb55663b251cb50276c822e642a97830bbae51f1447a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22language%22%3Bi%3A1%3Bs%3A2%3A%22en%22%3B%7D; _csrf-frontend=f1443ef741138644c1dc0ba74598a6f7489b646f9da166141161e03255e79feba%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22Jefw_PRHo360cmpsYfrFV_TMOzEvX3JR%22%3B%7D
Source: global traffic HTTP traffic detected: GET /images/bg.jpg HTTP/1.1Host: cdn.myrealgames.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cdn.myrealgames.com/minify/76ed5da15d06d5fb97dde5b6ace0430b2b443b2a.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/logo-middle.png HTTP/1.1Host: cdn.myrealgames.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cdn.myrealgames.com/minify/76ed5da15d06d5fb97dde5b6ace0430b2b443b2a.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/sprite.png HTTP/1.1Host: cdn.myrealgames.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cdn.myrealgames.com/minify/76ed5da15d06d5fb97dde5b6ace0430b2b443b2a.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /images/bg.jpg HTTP/1.1Host: cdn.myrealgames.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /images/logo-middle.png HTTP/1.1Host: cdn.myrealgames.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.myrealgames.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.myrealgames.com/pcgame-install.html?utm_source=VolleyballFight&utm_medium=downloadable_installAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: advanced-frontend=8qq1qtioqmrkk9cur7oee6742u; language=15af67f83680948286da3cb55663b251cb50276c822e642a97830bbae51f1447a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22language%22%3Bi%3A1%3Bs%3A2%3A%22en%22%3B%7D; _csrf-frontend=f1443ef741138644c1dc0ba74598a6f7489b646f9da166141161e03255e79feba%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22Jefw_PRHo360cmpsYfrFV_TMOzEvX3JR%22%3B%7D
Source: global traffic HTTP traffic detected: GET /images/sprite.png HTTP/1.1Host: cdn.myrealgames.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.myrealgames.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: advanced-frontend=8qq1qtioqmrkk9cur7oee6742u; language=15af67f83680948286da3cb55663b251cb50276c822e642a97830bbae51f1447a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22language%22%3Bi%3A1%3Bs%3A2%3A%22en%22%3B%7D; _csrf-frontend=f1443ef741138644c1dc0ba74598a6f7489b646f9da166141161e03255e79feba%3A2%3A%7Bi%3A0%3Bs%3A14%3A%22_csrf-frontend%22%3Bi%3A1%3Bs%3A32%3A%22Jefw_PRHo360cmpsYfrFV_TMOzEvX3JR%22%3B%7D
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ecVzAeCZcyNtxd7&MD=3tn7nXmP HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /?utm_source=VolleyballFight&utm_medium=downloadable_install HTTP/1.1Host: www.myrealgames.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.myrealgames.com
Source: global traffic DNS traffic detected: DNS query: cdn.myrealgames.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: static.getclicky.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unins000.dat.2.dr String found in binary or memory: http://about.ask.com/en/docs/about/ask_eula.shtml
Source: unins000.dat.2.dr String found in binary or memory: http://about.ask.com/en/docs/about/privacy.shtml
Source: is-PI5E6.tmp.2.dr String found in binary or memory: http://www.6ixsoft.com.
Source: is-PI5E6.tmp.2.dr String found in binary or memory: http://www.6ixsoft.com.2.4.1zlib
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2131006914.000000007FD30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2130764314.0000000002440000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000000.2131808298.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-NQGNM.tmp.2.dr, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp.1.dr String found in binary or memory: http://www.innosetup.com/
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2129644719.0000000002440000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2492705316.0000000002278000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2458101147.00000000022F3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2133248371.00000000031A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489439841.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2458101147.00000000022E1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2492705316.00000000022CD000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491528713.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_install
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491528713.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_install#
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491898675.0000000000889000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2451087408.000000000087A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_install3
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2451087408.000000000087A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491898675.000000000087E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installA
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installC
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2412551049.00000000006E4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installC:
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491528713.0000000000849000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installKM
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491528713.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installPY
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000858000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installV6
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2451087408.000000000087A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installb
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000858000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installi6;
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491528713.0000000000849000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_installlM
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2129644719.0000000002440000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2133248371.00000000031A0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/Z
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2129644719.0000000002440000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2492705316.0000000002278000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2458101147.00000000022F3000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2133248371.00000000031A0000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489439841.00000000008A3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2458101147.00000000022E1000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com/privacy.html
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491528713.0000000000843000.00000004.00000020.00020000.00000000.sdmp, is-GCN1I.tmp.2.dr String found in binary or memory: http://www.myrealgames.com?utm_source=VolleyballFight&utm_medium=downloadable_install
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491528713.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com?utm_source=VolleyballFight&utm_medium=downloadable_installDXi
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000003.2489471434.0000000000825000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2491528713.0000000000843000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.myrealgames.com?utm_source=VolleyballFight&utm_medium=downloadable_installr
Source: is-MD5KH.tmp.2.dr String found in binary or memory: http://www.myrealgames.com?utm_source=VolleyballFight&utm_medium=downloadable_play
Source: is-IAKEI.tmp.2.dr String found in binary or memory: http://www.myrealgames.com?utm_source=VolleyballFight&utm_medium=downloadable_uninstall
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000002.2490370436.000000000018C000.00000004.00000010.00020000.00000000.sdmp, is-893OV.tmp.2.dr String found in binary or memory: http://www.myrealgames.com?utm_source=VolleyballFight&utm_medium=downloadable_website
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2131006914.000000007FD30000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2130764314.0000000002440000.00000004.00001000.00020000.00000000.sdmp, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp, 00000002.00000000.2131808298.0000000000401000.00000020.00000001.01000000.00000004.sdmp, is-NQGNM.tmp.2.dr, SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp.1.dr String found in binary or memory: http://www.remobjects.com/ps
Source: chromecache_122.8.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_122.8.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_122.8.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_122.8.dr String found in binary or memory: https://jquery.com/
Source: chromecache_122.8.dr String found in binary or memory: https://jquery.org/license
Source: chromecache_122.8.dr String found in binary or memory: https://popper.js.org)
Source: is-PI5E6.tmp.2.dr Binary or memory string: DirectDrawCreateEx memstr_5ae340c3-3

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\FIELDS\GF_1.PNG (copy) entropy: 7.99727374875
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\FIELDS\GF_2.PNG (copy) entropy: 7.99133394242
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\FIELDS\GF_3.PNG (copy) entropy: 7.99485546931
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\FIELDS\GF_4.PNG (copy) entropy: 7.99751839098
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\FIELDS\GF_5.PNG (copy) entropy: 7.99644506869
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\FIELDS\GF_6.PNG (copy) entropy: 7.9970859344
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\FIELDS\GF_7.PNG (copy) entropy: 7.99222023407
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\1\go_left.png (copy) entropy: 7.99419564772
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\1\go_right.png (copy) entropy: 7.99495829475
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\1\jump.png (copy) entropy: 7.99443592284
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\1\jump_left.png (copy) entropy: 7.99345259336
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\1\jump_right.png (copy) entropy: 7.99431596446
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\1\stand.png (copy) entropy: 7.99431464334
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\2\go_left.png (copy) entropy: 7.99538094038
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\2\go_right.png (copy) entropy: 7.99535037028
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\2\jump.png (copy) entropy: 7.99334846965
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\2\jump_left.png (copy) entropy: 7.99575230973
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\2\jump_right.png (copy) entropy: 7.9946717695
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\2\stand.png (copy) entropy: 7.99340947533
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\3\go_left.png (copy) entropy: 7.99562073358
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\3\go_right.png (copy) entropy: 7.99622269534
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\3\jump.png (copy) entropy: 7.99563890109
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\3\jump_left.png (copy) entropy: 7.99473734471
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\3\jump_right.png (copy) entropy: 7.99479458205
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\3\stand.png (copy) entropy: 7.99360429482
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\4\go_left.png (copy) entropy: 7.99419417403
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\4\go_right.png (copy) entropy: 7.99495675357
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\4\jump.png (copy) entropy: 7.99443916538
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\4\jump_left.png (copy) entropy: 7.99345471292
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\4\jump_right.png (copy) entropy: 7.99431418454
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\GUYS\4\stand.png (copy) entropy: 7.99431247841
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp.1.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-NQGNM.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-NQGNM.tmp.2.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2131006914.000000007FE40000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, 00000001.00000003.2130764314.0000000002554000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameshfolder.dll~/ vs SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe
Source: classification engine Classification label: clean13.rans.winEXE@18/158@16/7
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe File created: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File read: C:\Program Files (x86)\desktop.ini
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe "C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe Process created: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp "C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp" /SL5="$10416,8952147,119296,C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe"
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_install
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=2040,i,4332193433497221283,9164000764175656258,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: msftedit.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: windows.globalization.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: bcp47mrm.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: globinputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: msiso.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Volleyball Fight.lnk.2.dr LNK file: ..\..\..\Program Files (x86)\MyRealGames.com\Volleyball Fight\game.exe
Source: Play Volleyball Fight.lnk.2.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\MyRealGames.com\Volleyball Fight\game.exe
Source: Visit MyRealGames.com.lnk.2.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\MyRealGames.com\Volleyball Fight\website.url
Source: Uninstall Volleyball Fight.lnk.2.dr LNK file: ..\..\..\..\..\..\..\Program Files (x86)\MyRealGames.com\Volleyball Fight\unins000.exe
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Window found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe Static file information: File size 9361914 > 1048576
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe File created: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\is-IEG5U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\is-PI5E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Users\user\AppData\Local\Temp\is-S9K2R.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Users\user\AppData\Local\Temp\is-S9K2R.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\is-NQGNM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\game.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\reglib.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRealGames.com
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRealGames.com\Volleyball Fight
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRealGames.com\Volleyball Fight\Play Volleyball Fight.lnk
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRealGames.com\Volleyball Fight\Visit MyRealGames.com.lnk
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRealGames.com\Volleyball Fight\Uninstall Volleyball Fight.lnk
Source: C:\Users\user\Desktop\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\is-IEG5U.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\is-PI5E6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-S9K2R.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-S9K2R.tmp\_isetup\_shfoldr.dll
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\is-NQGNM.tmp
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\game.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Dropped PE file which has not been started: C:\Program Files (x86)\MyRealGames.com\Volleyball Fight\reglib.dll (copy)
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.exe, is-LCEPI.tmp.2.dr Binary or memory string: EdHGfs
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.myrealgames.com/?utm_source=VolleyballFight&utm_medium=downloadable_install
Source: C:\Users\user\AppData\Local\Temp\is-TA4DQ.tmp\SecuriteInfo.com.PUA.INNO.APNToolbar.5344.7442.tmp Queries volume information: C:\ VolumeInformation