Windows Analysis Report
NhWAWEhCi7.exe

Overview

General Information

Sample name: NhWAWEhCi7.exe
renamed because original name is a hash value
Original sample name: 1409b5a7ac2a6be45fa954730b058da4.exe
Analysis ID: 1465150
MD5: 1409b5a7ac2a6be45fa954730b058da4
SHA1: 00eab66887ff6ff4d6325d8a0e74adb624faf6de
SHA256: 1e7fb39c52ba502920d98374e0cdf8a2447c737bd0b88c06839e81be3a751688
Tags: DofoilexeSmokeLoader
Infos:

Detection

LummaC, SmokeLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected LummaC Stealer
Yara detected SmokeLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Query firmware table information (likely to detect VMs)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Execution of Suspicious File Type Extension
Too many similar processes found
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Lumma Stealer, LummaC2 Stealer Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
Name Description Attribution Blogpost URLs Link
SmokeLoader The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
  • SMOKY SPIDER
 https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

AV Detection
barindex
Antivirus detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Avira: detection malicious, Label: HEUR/AGEN.1359405
Source: C:\Users\user\AppData\Local\Temp\setup.exe Avira: detection malicious, Label: HEUR/AGEN.1359405
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Avira: detection malicious, Label: HEUR/AGEN.1352426
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\huge[1].dat Avira: detection malicious, Label: HEUR/AGEN.1359405
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Avira: detection malicious, Label: HEUR/AGEN.1313486
Found malware configuration
Source: 00000000.00000002.1751297213.0000000002E80000.00000004.00001000.00020000.00000000.sdmp Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://evilos.cc/tmp/index.php", "http://gebeus.ru/tmp/index.php", "http://office-techs.biz/tmp/index.php", "http://cx5519.com/tmp/index.php"]}
Source: 9FC5.exe.7716.6.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyz", "ellaboratepwsz.xyz", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "potterryisiw.shop"], "Build id": "bOKHNM--"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Virustotal: Detection: 22% Perma Link
Source: C:\Users\user\AppData\Local\Temp\D57C.exe ReversingLabs: Detection: 20%
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Virustotal: Detection: 9% Perma Link
Source: C:\Users\user\AppData\Roaming\GamePall\Del.exe Virustotal: Detection: 11% Perma Link
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Virustotal: Detection: 11% Perma Link
Multi AV Scanner detection for submitted file
Source: NhWAWEhCi7.exe ReversingLabs: Detection: 60%
Source: NhWAWEhCi7.exe Virustotal: Detection: 54% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 98.9% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\bbehcjh Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\GamePall\Del.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: NhWAWEhCi7.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: NhWAWEhCi7.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GamePall Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe File opened: C:\Windows\SysWOW64\msvcr100.dll Jump to behavior
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll.pdb source: widevinecdmadapter.dll.9.dr
Source: Binary string: libEGL.dll.pdb source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdb source: GamePall.exe, GamePall.exe, 0000000A.00000002.3684752300.0000000005492000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: e:\work\newContent\secondBranch\new\GamePall\obj\Release\GamePall.pdb source: GamePall.exe, 0000000A.00000000.3346816401.0000000000662000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdbSHA256 source: GamePall.exe, 0000000A.00000002.3684752300.0000000005492000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdbLK source: GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll.pdbGCTL source: widevinecdmadapter.dll.9.dr
Source: Binary string: *?|<>/":%s%s.dllC:\Users\user\AppData\Roaming\GamePall\GamePall.exeewall.dllll.pdbC:\Users\user\AppData\Roaming\GamePall\Uninstall.exemePalll source: setup.exe, 00000009.00000002.3698724349.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdb source: GamePall.exe, GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: libGLESv2.dll.pdb source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Xilium.CefGlue.pdb source: setup.exe, 00000009.00000002.3699086697.00000000006B9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \swiftshaderXilium.CefGlue.pdb source: setup.exe, 00000009.00000002.3699086697.00000000006B9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\libGLESv2.dll.pdb source: libGLESv2.dll0.9.dr
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Directory queried: number of queries: 1694
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_00405B4A CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 9_2_00405B4A
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_004066FF FindFirstFileA,FindClose, 9_2_004066FF
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_004027AA FindFirstFileA, 9_2_004027AA

Networking
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe Network Connect: 127.0.0.127 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 188.114.97.3 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 141.8.192.6 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 189.61.54.32 80 Jump to behavior
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: pedestriankodwu.xyz
Source: Malware configuration extractor URLs: towerxxuytwi.xyz
Source: Malware configuration extractor URLs: ellaboratepwsz.xyz
Source: Malware configuration extractor URLs: penetratedpoopp.xyz
Source: Malware configuration extractor URLs: swellfrrgwwos.xyz
Source: Malware configuration extractor URLs: contintnetksows.shop
Source: Malware configuration extractor URLs: foodypannyjsud.shop
Source: Malware configuration extractor URLs: potterryisiw.shop
Source: Malware configuration extractor URLs: potterryisiw.shop
Source: Malware configuration extractor URLs: http://evilos.cc/tmp/index.php
Source: Malware configuration extractor URLs: http://gebeus.ru/tmp/index.php
Source: Malware configuration extractor URLs: http://office-techs.biz/tmp/index.php
Source: Malware configuration extractor URLs: http://cx5519.com/tmp/index.php
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 139.45.197.238 139.45.197.238
Source: Joe Sandbox View IP Address: 139.45.197.238 139.45.197.238
Source: Joe Sandbox View IP Address: 1.1.1.1 1.1.1.1
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/1085
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/1423136
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/1423136dumpTranslatedShadersWrite
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/1452
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/1452expandIntegerPowExpressionsThe
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/1512
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/1637
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/1936
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2046
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2152
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2152skipVSConstantRegisterZeroIn
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2162
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2273
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2517
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2894
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2970
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/2978
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3027
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3078
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3205
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3206
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3246
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3246allowClearForRobustResourceInitSome
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3452
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3498
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3502
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3577
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3584
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3586
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3623
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3624
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3625
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3682
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3682allowES3OnFL100Allow
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3729
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3832
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3862
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3965
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3970
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/3997
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4214
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4267
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4324
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4384
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4405
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4428
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4551
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4633
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4646
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4722
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/482
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4836
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4901
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/4937
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5007
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5007disableDrawBuffersIndexedDisable
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5055
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5061
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5281
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5371
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5375
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5421
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5430
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5469
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5535
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5577
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5658
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5658forceGlErrorCheckingForce
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5750
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5750forceRobustResourceInitForce-enable
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5881
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5901
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/5906
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6041
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6041forceInitShaderVariablesForce-enable
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6048
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6141
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6248
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6439
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6651
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6692
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6755
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6860
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6876
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6878
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6929
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/6953
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7036
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7036dumpShaderSourceWrite
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7047
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7172
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7279
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7279cacheCompiledShaderEnable
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7370
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7406
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7488
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7527
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7553
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7556
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7724
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7724disableAnisotropicFilteringDisable
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7760
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7760enableShaderSubstitutionCheck
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7761
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/7761disableProgramCachingDisables
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/8162
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/8172
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/8215
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/8229
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/8280
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/8280enableTranslatedShaderSubstitutionCheck
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/8291
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://anglebug.com/8297
Source: GamePall.exe, 0000001D.00000002.3789631427.0000000003147000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.install-stat.debug.world/clients/activity
Source: GamePall.exe, 00000016.00000002.3863102483.0000000002901000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.install-stat.debug.world/clients/activity.0
Source: GamePall.exe, 0000001B.00000002.3940827175.0000000002B68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.install-stat.debug.world/clients/activity.0H
Source: GamePall.exe, 0000001D.00000002.3789631427.0000000003147000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://api.install-stat.debug.world/clients/installs
Source: GamePall.exe, 0000001D.00000002.3789631427.0000000003147000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://bageyou.xyz
Source: GamePall.exe, 0000000A.00000002.3555995225.00000000029D5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://bageyou.xyz/c/g
Source: GamePall.exe, 0000000A.00000002.3555995225.00000000029D5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://bageyou.xyz/c/g4
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: explorer.exe, 00000001.00000000.1737455091.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/1094869
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/110263
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/1144207
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/1171371
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/1181068
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/1181193
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/1420130
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/1434317
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/1456243
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/308366
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/403957
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/550292
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/565179
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/642227
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/642605
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/644669
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/650547
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/672380
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/709351
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/797243
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/809422
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/830046
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/883276
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/927470
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/941620
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: explorer.exe, 00000001.00000000.1737455091.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: explorer.exe, 00000001.00000000.1737455091.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: libGLESv2.dll0.9.dr String found in binary or memory: http://issuetracker.google.com/200067929
Source: GamePall.exe String found in binary or memory: http://logging.apache.org/log4ne
Source: GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
Source: setup.exe, setup.exe, 00000009.00000002.3698724349.000000000040A000.00000004.00000001.01000000.0000000C.sdmp, setup.exe, 00000009.00000003.3348136916.0000000000716000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000009.00000000.3053813392.000000000040A000.00000008.00000001.01000000.0000000C.sdmp, Uninstall.exe.9.dr, D57C.exe.1.dr String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: D57C.exe, 00000007.00000000.2209378492.000000000040A000.00000008.00000001.01000000.00000008.sdmp, setup.exe, 00000009.00000002.3698724349.000000000040A000.00000004.00000001.01000000.0000000C.sdmp, setup.exe, 00000009.00000003.3348136916.0000000000716000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000009.00000000.3053813392.000000000040A000.00000008.00000001.01000000.0000000C.sdmp, Uninstall.exe.9.dr, D57C.exe.1.dr String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: explorer.exe, 00000001.00000000.1737455091.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1735578881.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://schemas.mi
Source: explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://schemas.micr
Source: explorer.exe, 00000001.00000000.1738326788.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1736472376.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1736965256.0000000008720000.00000002.00000001.00040000.00000000.sdmp String found in binary or memory: http://schemas.micro
Source: GamePall.exe, 0000000A.00000002.3555995225.0000000002D1B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: GamePall.exe, GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: http://www.apache.org/).
Source: GamePall.exe, GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: http://www.apache.org/licenses/
Source: GamePall.exe String found in binary or memory: http://www.apache.org/licenses/LICEN
Source: GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: GamePall.exe, 0000000E.00000002.3897914441.0000000006261000.00000002.00000001.00040000.00000021.sdmp String found in binary or memory: http://www.unicode.org/copyright.html
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
Source: 9FC5.exe, 00000006.00000003.2154490258.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
Source: D57C.exe, 00000007.00000003.2212201510.0000000003090000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xiexie.wf/22_551/huge.dat
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000001.00000000.1742888423.000000000C893000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/odirmr
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/4674
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/4830
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/4849
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/4966
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/5140
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/5536
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/5845
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/6574
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7161
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7162
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7246
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7308
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7319
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7320
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7369
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7382
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7405
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7489
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7604
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7714
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7847
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/7899
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/8308
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/8315
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://anglebug.com/8319
Source: explorer.exe, 00000001.00000000.1737455091.00000000097D4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1737455091.00000000097D4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1734699317.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1734040387.0000000001248000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1737455091.00000000096DF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1737455091.00000000097D4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000001.00000000.1737455091.00000000096DF000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: 9FC5.exe, 00000006.00000003.2155866235.0000000001247000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: 9FC5.exe, 00000006.00000003.2155866235.0000000001247000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1735578881.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1735578881.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: ar.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=ar&category=theme81https://myactivity.google.com/myactivity/?u
Source: ar.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=arCtrl$1
Source: bg.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=bg&category=theme81https://myactivity.google.com/myactivity/?u
Source: bg.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=bgCtrl$1
Source: ca.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=ca&category=theme81https://myactivity.google.com/myactivity/?u
Source: ca.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=caCtrl$1
Source: GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
Source: GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=enCtrl$1
Source: ja.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=ja&category=theme81https://myactivity.google.com/myactivity/?u
Source: ja.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=jaCtrl$1
Source: lv.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=lv&category=theme81https://myactivity.google.com/myactivity/?u
Source: lv.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=lvCtrl$1
Source: te.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=te&category=theme81https://myactivity.google.com/myactivity/?u
Source: te.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=teCtrl$1
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, tr.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=tr&category=theme81https://myactivity.google.com/myactivity/?u
Source: tr.pak.9.dr String found in binary or memory: https://chrome.google.com/webstore?hl=trCtrl$1
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=uk&category=theme81https://myactivity.google.com/myactivity/?u
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ukCtrl$1
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=urCtrl$2
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=vi&category=theme81https://myactivity.google.com/myactivity/?u
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=viCtrl$1
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivity
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-CNCtrl$1
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivity
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=zh-TWCtrl$1
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: 9FC5.exe, 00000006.00000003.2155866235.0000000001247000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: 9FC5.exe, 00000006.00000003.2155866235.0000000001247000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/1042393
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/1046462
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/1060012
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/1091824
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/1137851
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/1300575
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/1356053
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/593024
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/650547
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/655534
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/705865
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/710443
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/811661
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://crbug.com/848952
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000001.00000000.1742888423.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://excel.office.com
Source: 9FC5.exe, 00000006.00000002.2229430748.0000000001232000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2186173434.0000000001231000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127132469.00000000011EC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/
Source: 9FC5.exe, 00000006.00000003.2126935511.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127132469.00000000011EC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/#
Source: 9FC5.exe, 00000006.00000003.2169023447.00000000038E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/)
Source: 9FC5.exe, 00000006.00000003.2227498984.000000000122A000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227718724.0000000001230000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2206702267.000000000122F000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2201140092.0000000001232000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000002.2229430748.0000000001232000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/F9
Source: 9FC5.exe, 00000006.00000003.2186173434.0000000001231000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127132469.00000000011EC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/api
Source: 9FC5.exe, 00000006.00000002.2229611339.0000000001235000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227498984.000000000122A000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227915980.0000000001234000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227718724.0000000001230000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/api)
Source: 9FC5.exe, 00000006.00000003.2185744877.000000000122F000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2185906229.0000000001230000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2186173434.0000000001231000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/apiD
Source: 9FC5.exe, 00000006.00000003.2185744877.000000000122F000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2185906229.0000000001230000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2186173434.0000000001231000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/apib
Source: 9FC5.exe, 00000006.00000003.2201140092.0000000001232000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/apim
Source: 9FC5.exe, 00000006.00000003.2227498984.000000000122A000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227718724.0000000001230000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2206702267.000000000122F000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2201140092.0000000001232000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000002.2229430748.0000000001232000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/bu
Source: 9FC5.exe, 00000006.00000002.2229430748.0000000001232000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/pi
Source: 9FC5.exe, 00000006.00000003.2126935511.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127132469.00000000011EC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/pii
Source: 9FC5.exe, 00000006.00000003.2185744877.000000000122F000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2185906229.0000000001230000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2186173434.0000000001231000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/s
Source: 9FC5.exe, 00000006.00000003.2126935511.00000000011CF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/v
Source: 9FC5.exe, 00000006.00000003.2185744877.000000000122F000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2185906229.0000000001230000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2186173434.0000000001231000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop/w5
Source: 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2199759534.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227498984.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2185744877.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2201140092.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2206702267.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop:443/api
Source: 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227498984.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2206702267.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop:443/api;Y
Source: 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2199759534.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227498984.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2185744877.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2201140092.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2206702267.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://foodypannyjsud.shop:443/apiuY
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1735578881.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: 9FC5.exe, 00000006.00000003.2155866235.0000000001247000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/161903006
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/166809097
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/184850002
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/187425444
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/220069903
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/229267970
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/250706693
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/253522366
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/255411748
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/258207403
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/274859104
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/284462263
Source: libGLESv2.dll0.9.dr String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://myactivity.google.com/
Source: explorer.exe, 00000001.00000000.1742888423.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://outlook.com_
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, bg.pak.9.dr, ar.pak.9.dr String found in binary or memory: https://passwords.google.com
Source: ca.pak.9.dr String found in binary or memory: https://passwords.google.comCompte
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr String found in binary or memory: https://passwords.google.comGoogle
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://passwords.google.comT
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://policies.google.com/
Source: explorer.exe, 00000001.00000000.1742888423.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://powerpoint.office.comcember
Source: GamePall.exe, 0000000A.00000002.3555995225.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rouonixon.com/4/4284489/?ymid=831224434781065217
Source: GamePall.exe, 0000000A.00000002.3555995225.0000000002D2B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://rouonixon.com/4/4284489/?ymid=831224434781065217&var=4284488&price=
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp, te.pak.9.dr, lv.pak.9.dr, ja.pak.9.dr, tr.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr, ca.pak.9.dr String found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: 9FC5.exe, 00000006.00000003.2127474613.000000000393F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.microsof
Source: 9FC5.exe, 00000006.00000003.2155458700.0000000003A00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 9FC5.exe, 00000006.00000003.2155458700.0000000003A00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: 9FC5.exe, 00000006.00000003.2127474613.000000000393D000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127629896.0000000003936000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: 9FC5.exe, 00000006.00000003.2127629896.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: 9FC5.exe, 00000006.00000003.2127474613.000000000393D000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127629896.0000000003936000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 9FC5.exe, 00000006.00000003.2127629896.0000000003911000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: GamePall.exe, 00000013.00000002.3421009126.0000000001337000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: https://svn.apache.org/repos/asf/logging/l
Source: GamePall.exe, GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp, GamePall.exe, 00000013.00000002.3456616620.0000000005916000.00000002.00000001.01000000.00000010.sdmp String found in binary or memory: https://svn.apache.org/repos/asf/logging/log4net/tags/2.0.8RC1
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1742888423.000000000C557000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1742888423.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://word.office.com
Source: 9FC5.exe, 00000006.00000003.2155866235.0000000001247000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: 9FC5.exe, 00000006.00000003.2155866235.0000000001247000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, te.pak.9.dr, ja.pak.9.dr, bg.pak.9.dr, ar.pak.9.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html&
Source: ca.pak.9.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlA&judaGestionat
Source: GamePall.exe, 0000000E.00000002.3790750255.0000000005A80000.00000002.00000001.00040000.0000001F.sdmp String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
Source: lv.pak.9.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlP&al
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlT&r
Source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp, tr.pak.9.dr String found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlYar&d
Source: 9FC5.exe, 00000006.00000003.2128003261.0000000003928000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2127898971.000000000392A000.00000004.00000800.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2128226065.0000000003928000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: 9FC5.exe, 00000006.00000003.2155458700.0000000003A00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: 9FC5.exe, 00000006.00000003.2155458700.0000000003A00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: 9FC5.exe, 00000006.00000003.2155458700.0000000003A00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: 9FC5.exe, 00000006.00000003.2155458700.0000000003A00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: 9FC5.exe, 00000006.00000003.2155458700.0000000003A00000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1735578881.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1735578881.00000000078AD000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1735578881.0000000007900000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe

Key, Mouse, Clipboard, Microphone and Screen Capturing
barindex
Yara detected SmokeLoader
Source: Yara match File source: 00000000.00000002.1751297213.0000000002E80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1751333765.0000000002EA1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1990748003.0000000004851000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1990664978.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Contains functionality for read data from the clipboard
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_004055E7 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 9_2_004055E7
Too many similar processes found
Source: GamePall.exe Process created: 58

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 00000000.00000002.1751429960.0000000002EED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1751297213.0000000002E80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1751333765.0000000002EA1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.1990395663.0000000002C50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.1751277503.0000000002E70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000005.00000002.1990497088.0000000002C7C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000005.00000002.1990748003.0000000004851000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000005.00000002.1990664978.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Abnormal high CPU Usage
Source: C:\Windows\explorer.exe Process Stats: CPU usage > 49%
Contains functionality to call native functions
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401538
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00402FE9 RtlCreateUserThread,NtTerminateProcess, 0_2_00402FE9
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_004014DE
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401496
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401543
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401565
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_00401579
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 0_2_0040157C
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 5_2_00401538
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00402FE9 RtlCreateUserThread,NtTerminateProcess, 5_2_00402FE9
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 5_2_004014DE
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 5_2_00401496
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 5_2_00401543
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 5_2_00401565
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 5_2_00401579
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, 5_2_0040157C
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_004034CC EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 9_2_004034CC
Detected potential crypto function
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_00406A88 9_2_00406A88
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_00EE4F58 10_2_00EE4F58
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_053E5F38 10_2_053E5F38
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_053E6808 10_2_053E6808
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_053E57F0 10_2_053E57F0
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_053E7A38 10_2_053E7A38
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_053E7A28 10_2_053E7A28
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 12_2_02BB1049 12_2_02BB1049
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 13_2_02244F58 13_2_02244F58
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 13_2_02243860 13_2_02243860
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 14_2_012A4E20 14_2_012A4E20
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 14_2_012A1049 14_2_012A1049
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 16_2_01204F58 16_2_01204F58
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 16_2_01203860 16_2_01203860
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 16_2_01201049 16_2_01201049
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 18_2_031E4F58 18_2_031E4F58
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 18_2_031E3860 18_2_031E3860
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 18_2_031E1049 18_2_031E1049
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 19_2_017B0EE4 19_2_017B0EE4
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 22_2_01124F58 22_2_01124F58
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 22_2_01123860 22_2_01123860
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 29_2_01624F58 29_2_01624F58
Sample file is different than original file name gathered from version info
Source: NhWAWEhCi7.exe, 00000000.00000002.1751145360.0000000002BE4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesAtlassing0 vs NhWAWEhCi7.exe
Source: NhWAWEhCi7.exe Binary or memory string: OriginalFilenamesAtlassing0 vs NhWAWEhCi7.exe
Uses 32bit PE files
Source: NhWAWEhCi7.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 00000000.00000002.1751429960.0000000002EED000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1751297213.0000000002E80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1751333765.0000000002EA1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.1990395663.0000000002C50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.1751277503.0000000002E70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000005.00000002.1990497088.0000000002C7C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000005.00000002.1990748003.0000000004851000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000005.00000002.1990664978.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: NhWAWEhCi7.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: bbehcjh.1.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Ionic.Zip.dll.9.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformBlock'
Source: Ionic.Zip.dll.9.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformFinalBlock'
Source: Ionic.Zip.dll.9.dr, WinZipAesCipherStream.cs Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
Source: GamePall.exe.9.dr, Program.cs Base64 encoded string: 'pizR9uKkcZIkMW+F1cRjYV0LMt6eYXmLuiNCndESDPkTO3eY1Mjv7Hs2Qvo+t26G', 'ZTDMzZVpdA1FSa2RiY6ZCl2QGyLDtQ3OBRa/N40wO2xxcvcDsATtLRGwKtaEB36dqPJnDF8qXNs92JbMBlsOyg==', 'nYQvMVlU2Asj2rNkmi7xBNqGCkGzSnaP0raCPfB8A9hSwWFTIjPcsKgDrCVAEwSQ1lHf/WOhnKR59a5JjrkJVUOFvV43wO8MM1FKgjYuj7ZzvvuGve+okViUQx+oGN+llGnjS4Fm9o1MUn7p+qcPVIDZRcvMal1ARjQNk+bFvT5vC4J8slkhLZYtvBYmOybvSK90G7/f/U8GPBdM7WBmfFdHzzGxw6WFcHlkdySP8Nvmzff08RdOn8QOu8FlABEqqEjQ0W84v+/lU0lmhvzugpodd8fIp2kb2/twZPg9/Jsy5viOC65K8bs1ES63SA2d62f5cJYpFf1f0WBQbCBcSzfwiDlBCWVIW9vFXW1awyEMdm3q36+BViyETC5tnyHuoLRgf3bXoQAwqE0OIII5DROfW+LmqqHY82rVXHAqhVjdA2wZRWcSI1zxV7+qTfhmp9qbIQAWSuuXTzhbIvI3gjvtPCdz9uBv8rjyg1XZNxfdgYdtF+klyGgKdefnu5G2pgjfT3Kb/VbjgkFvLlqtWNr5K7iC080FVeHsZazMHUrrDtsmNdChtvnX8Zj77rIGVxi9RfvHhhIhBj+WSos+lJ2nuvQkUpqVEa1mrZSwPezG/uoh0qvs+BAHbNFNjv99WS6tgWIkvcQVCi2h3cfxTGQiZDetQZqB+N/mnvgC6WdrcRKGHBE4mp6bpgTY9+nt3lPiH6OZnlxC8rdHbuGtY6R/FgNFYkw49JWXYeZ1VV3KnjSrFMvDlkyMCAW1X9/1VoC+f73WVYMLwXafDKtGO2lfr9vwKms+8HoEgs7bj0aroIPdmLK/z/djAsFZO8Vp', 'T7BWwqrn4yISEECEAnARpwE8R+3lDHSc+RlcJT90an1SNsS27lGBQjOx4RmDHlrj7oJnnzx1IWXOkbTfLzBeCfU6UJhOIoQKhcWidAxAKIxvqZnoB6AujIU0F7dEj65vahyTdEvkIxzFaV2+akbl53KcDi5RPBOP16iXVi0WJdHV5AbSCI9WCEcSX/fUpmukBh4bjVF/T/P/B6TFVtNZintCOSO2Ha+2va2CJMOnJ020zYskwuvcH9d1rGD3Zf9RBC2obzrhRNK2LXTEIYnifs6L2UdqFhw5aANXILziQtzKvsTQKvc15hvHCCoeXJCyyK7/WgA/oRu7bdrTs2DwCQ==', 'ZY0WCEgzqiLEU8ZUVJwGTpbkuL9KoMwYVloBqJXjur8rfBZEXTysQNKRQ1H7/vn7o0wyHAux60SVy06r4v6So5WWxddei09LXvL6ZwK/tyY=', 's7iS2XfzyI+IBoARaZQlTINg1kEy7qT7EopaSHQzpqktZBtc7UiOYrPdv/6f4cNI', 'o2ZleBui4P9C2ZjnB98Vuesy1C+WucHiXjQJ8RANoX6TheGfnLYAWDsXRfSeNCDHWdkBP2RBrkWPBy/nuM2NFLMETMUsPFeG3JHWafvGKzaNEjYO3Up9m61SnaY5tINvLCYJ/TKITszJ9H1YSm2chnmQGLUzbz4pwvWvvKfH8m7z585W73/QZrtw3l/30vcZaVocgwemYusDJYsOTgeWc0okiDahD7qtJcBYZ0aOzxZZmHDMBYigkRVf8GTJ/xucA/i7EHBFpaWoLVZVcuGFMA==', 'T7BWwqrn4yISEECEAnARp+JyVgG3cZc2/9+3VbyOjc4PuRSCU7ZfXuXpIIH8uj2roUU+W7nSmXHqTuxLhe6DBfNVh8PFZrhNX/YhIexDxrk=', 'G4TxOgdwfNBdU+6bscw2hqt3kZYZMfoEuKZtmCxRLrF8xJCK1+L0ocd8eSQjty7d', 'PcG64iM3U1vDIVDm7HuwTSvKhuz45f/WPqYoWZvzLHcapbEfkynZkUjmDgg30eof', 'XGcq7Js3+2f2oGHGFzxJPiYsrodwK+bTw/0lKjiUd0tSWMHEjdVqzAclD1/nPksq3sGhVTN8oFeHMRE7wAt3mCLVCEXKF9JLnNeWw9vvCbs=', 'T7BWwqrn4yISEECEAnARp8UQ6kvfa8mDiwe39obQZ+Rxfj5bbo//kf+4mlTsZUEg0QM/4QBKb6sUDMsk9OTdYg==', 'T7BWwqrn4yISEECEAnARp/U1NCwfjpQ4K5UKuMbDqXSrjfU6Tf/pOCpHlHXtYnU5', 'Gg/rFkGmnFrfPAny9sQ3qerPGxlC7+cuu92x2tgXrCRkqABwTbbIR8+hJN0krbBD9OJX8s2JqeR+xICuD2u17N7KjlWCZwpg4+c7mG1xAahALfXXbu/EvJy+KsAzQlzR9bu8P4wbyuM6r6/7kdf+VQ==', 'Zh3o1d4Zr0FJ548CrzCJDMeQhe52nu1Hz4hkTFOalLT3pudJg4gGhcEax3IHwBI0R5vZR7J9mjUQ8R9MdKz/Fw==', 'Zh3o1d4Zr0FJ548CrzCJDMeQhe52nu1Hz4hkTFOalLTcCwJrbTmNGWmZutw1Di2FSZ+3JxFtC00BiemuQuq2+A=='
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@308/113@0/7
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_004034CC EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 9_2_004034CC
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_00404897 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 9_2_00404897
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02EF46EB CreateToolhelp32Snapshot,Module32First, 0_2_02EF46EB
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_00402173 CoCreateInstance,MultiByteToWideChar, 9_2_00402173
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\bbehcjh Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_AppData_Roaming_GamePall_Logs_rendLog.txt
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Mutant created: \Sessions\1\BaseNamedObjects\C__Users_user_AppData_Roaming_GamePall_Logs_mainLog.txt
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\9FC5.tmp Jump to behavior
Source: NhWAWEhCi7.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\explorer.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: 9FC5.exe, 00000006.00000003.2128003261.00000000038FB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: NhWAWEhCi7.exe ReversingLabs: Detection: 60%
Source: NhWAWEhCi7.exe Virustotal: Detection: 54%
Source: unknown Process created: C:\Users\user\Desktop\NhWAWEhCi7.exe "C:\Users\user\Desktop\NhWAWEhCi7.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\bbehcjh C:\Users\user\AppData\Roaming\bbehcjh
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\9FC5.exe C:\Users\user\AppData\Local\Temp\9FC5.exe
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\D57C.exe C:\Users\user\AppData\Local\Temp\D57C.exe
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Process created: C:\Users\user\AppData\Local\Temp\setup.exe "C:\Users\user\AppData\Local\Temp\setup.exe"
Source: C:\Users\user\AppData\Local\Temp\setup.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe C:\Users\user\AppData\Roaming\GamePall\GamePall.exe
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3420 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3784 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013536112 --mojo-platform-channel-handle=4012 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013552940 --mojo-platform-channel-handle=4092 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\9FC5.exe C:\Users\user\AppData\Local\Temp\9FC5.exe Jump to behavior
Source: C:\Windows\explorer.exe Process created: C:\Users\user\AppData\Local\Temp\D57C.exe C:\Users\user\AppData\Local\Temp\D57C.exe Jump to behavior
Source: C:\Windows\explorer.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\explorer.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Process created: C:\Users\user\AppData\Local\Temp\setup.exe "C:\Users\user\AppData\Local\Temp\setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3420 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3784 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013536112 --mojo-platform-channel-handle=4012 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013552940 --mojo-platform-channel-handle=4092 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Section loaded: msvcr100.dll Jump to behavior
Source: C:\Windows\explorer.exe Section loaded: taskschd.dll Jump to behavior
Source: C:\Windows\explorer.exe Section loaded: webio.dll Jump to behavior
Source: C:\Windows\explorer.exe Section loaded: windows.internal.shell.broker.dll Jump to behavior
Source: C:\Windows\explorer.exe Section loaded: mfsrcsnk.dll Jump to behavior
Source: C:\Windows\explorer.exe Section loaded: cdprt.dll Jump to behavior
Source: C:\Windows\explorer.exe Section loaded: smartscreenps.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Section loaded: msvcr100.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: firewallapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: fwbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Section loaded: fwpolicyiomgr.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: audioses.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rasapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rasman.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rtutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: chrome_elf.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mdmregistration.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mdmregistration.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: omadmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dmcmnutils.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iri.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dsreg.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: chrome_elf.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: chrome_elf.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: chrome_elf.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: chrome_elf.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Section loaded: profapi.dll
Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GamePall Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe File opened: C:\Windows\SysWOW64\msvcr100.dll Jump to behavior
Source: NhWAWEhCi7.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll.pdb source: widevinecdmadapter.dll.9.dr
Source: Binary string: libEGL.dll.pdb source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdb source: GamePall.exe, GamePall.exe, 0000000A.00000002.3684752300.0000000005492000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: e:\work\newContent\secondBranch\new\GamePall\obj\Release\GamePall.pdb source: GamePall.exe, 0000000A.00000000.3346816401.0000000000662000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: E:\work\newContent\secondBranch\cefglue-main\CefGlue\obj\Release\net40\Xilium.CefGlue.pdbSHA256 source: GamePall.exe, 0000000A.00000002.3684752300.0000000005492000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdbLK source: GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\WidevineCdm\_platform_specific\win_x86\widevinecdmadapter.dll.pdbGCTL source: widevinecdmadapter.dll.9.dr
Source: Binary string: *?|<>/":%s%s.dllC:\Users\user\AppData\Roaming\GamePall\GamePall.exeewall.dllll.pdbC:\Users\user\AppData\Roaming\GamePall\Uninstall.exemePalll source: setup.exe, 00000009.00000002.3698724349.000000000040A000.00000004.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.0\release\log4net.pdb source: GamePall.exe, GamePall.exe, 00000013.00000002.3452823572.00000000058D2000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: libGLESv2.dll.pdb source: setup.exe, 00000009.00000002.3699342770.0000000002734000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Xilium.CefGlue.pdb source: setup.exe, 00000009.00000002.3699086697.00000000006B9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \swiftshaderXilium.CefGlue.pdb source: setup.exe, 00000009.00000002.3699086697.00000000006B9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Y:\work\CEF3_git\chromium\src\out\Release_GN_x86\libGLESv2.dll.pdb source: libGLESv2.dll0.9.dr

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Unpacked PE file: 0.2.NhWAWEhCi7.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\bbehcjh Unpacked PE file: 5.2.bbehcjh.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Binary contains a suspicious time stamp
Source: Newtonsoft.Json.dll.9.dr Static PE information: 0xF68F744F [Mon Jan 31 06:35:59 2101 UTC]
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .vmpLp
PE file contains sections with non-standard names
Source: 9FC5.exe.1.dr Static PE information: section name: .vmpLp
Source: 9FC5.exe.1.dr Static PE information: section name: .vmpLp
Source: 9FC5.exe.1.dr Static PE information: section name: .vmpLp
Source: libGLESv2.dll.9.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.9.dr Static PE information: section name: .voltbl
Source: chrome_elf.dll.9.dr Static PE information: section name: .00cfg
Source: chrome_elf.dll.9.dr Static PE information: section name: .crthunk
Source: chrome_elf.dll.9.dr Static PE information: section name: CPADinfo
Source: chrome_elf.dll.9.dr Static PE information: section name: malloc_h
Source: libEGL.dll.9.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll0.9.dr Static PE information: section name: .00cfg
Source: libcef.dll.9.dr Static PE information: section name: .00cfg
Source: libcef.dll.9.dr Static PE information: section name: .rodata
Source: libcef.dll.9.dr Static PE information: section name: CPADinfo
Source: libcef.dll.9.dr Static PE information: section name: malloc_h
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00408616 push eax; retf 0000h 0_2_00408619
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00401CD1 push ecx; ret 0_2_00401CD2
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_004084E6 push FFFFFFFBh; iretd 0_2_004084FC
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00401C91 push 00000076h; iretd 0_2_00401C93
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_00402E96 push B92A2F4Ch; retf 0_2_00402E9B
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02E72EFD push B92A2F4Ch; retf 0_2_02E72F02
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02E71CF8 push 00000076h; iretd 0_2_02E71CFA
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02E7867D push eax; retf 0000h 0_2_02E78680
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02E7854D push FFFFFFFBh; iretd 0_2_02E78563
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02E71D38 push ecx; ret 0_2_02E71D39
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02EED7E4 push eax; retf 0_2_02EED7E5
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02EFC1BB push FFFFFFFBh; iretd 0_2_02EFC1D1
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02EFA13D push edx; ret 0_2_02EFA13E
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00408616 push eax; retf 0000h 5_2_00408619
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00401CD1 push ecx; ret 5_2_00401CD2
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_004084E6 push FFFFFFFBh; iretd 5_2_004084FC
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00401C91 push 00000076h; iretd 5_2_00401C93
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_00402E96 push B92A2F4Ch; retf 5_2_00402E9B
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C52EFD push B92A2F4Ch; retf 5_2_02C52F02
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C51CF8 push 00000076h; iretd 5_2_02C51CFA
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C5867D push eax; retf 0000h 5_2_02C58680
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C5854D push FFFFFFFBh; iretd 5_2_02C58563
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C51D38 push ecx; ret 5_2_02C51D39
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C8B0E3 push FFFFFFFBh; iretd 5_2_02C8B0F9
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C89065 push edx; ret 5_2_02C89066
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_053EF45F push dword ptr [esp+ecx*2-75h]; ret 10_2_053EF463
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_0622B6C7 push eax; ret 10_2_0622B6D5
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_0622A7A1 push CA40068Eh; iretd 10_2_0622A7A6
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_06220FCB pushfd ; iretd 10_2_06220FDB
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_06226D91 push esi; ret 10_2_06226D9B
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Code function: 10_2_0622BA68 pushfd ; iretd 10_2_0622BB25
Source: NhWAWEhCi7.exe Static PE information: section name: .text entropy: 7.742934136238854
Source: bbehcjh.1.dr Static PE information: section name: .text entropy: 7.742934136238854
Source: Ionic.Zip.dll.9.dr Static PE information: section name: .text entropy: 6.821349263259562
Drops PE files
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\log4net.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\swiftshader\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\Uninstall.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\swiftshader\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\chrome_elf.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\d3dcompiler_43.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe File created: C:\Users\user\AppData\Local\Temp\nslCBA9.tmp\INetC.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe File created: C:\Users\user\AppData\Local\Temp\nslCBA9.tmp\nsProcess.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Local\Temp\nsk862A.tmp\liteFirewall.dll Jump to dropped file
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\9FC5.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\Del.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\Ionic.Zip.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe File created: C:\Users\user\AppData\Local\Temp\nslCBA9.tmp\blowfish.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\libcef.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\widevinecdmadapter.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Jump to dropped file
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\bbehcjh Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe File created: C:\Users\user\AppData\Roaming\GamePall\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe File created: C:\Users\user\AppData\Local\Temp\setup.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\huge[1].dat Jump to dropped file
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Local\Temp\D57C.exe Jump to dropped file
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Windows\explorer.exe File created: C:\Users\user\AppData\Roaming\bbehcjh Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GamePall Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run GamePall Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Deletes itself after installation
Source: C:\Windows\explorer.exe File deleted: c:\users\user\desktop\nhwawehci7.exe Jump to behavior
Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: C:\Windows\explorer.exe File opened: C:\Users\user\AppData\Roaming\bbehcjh:Zone.Identifier read attributes | delete Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\setup.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Checks if the current machine is a virtual machine (disk enumeration)
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe System information queried: FirmwareTableInformation Jump to behavior
Switches to a custom stack to bypass stack traces
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe API/Special instruction interceptor: Address: 7FFE2220D584
Source: C:\Users\user\AppData\Roaming\bbehcjh API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\AppData\Roaming\bbehcjh API/Special instruction interceptor: Address: 7FFE2220D584
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe API/Special instruction interceptor: Address: 826310
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe API/Special instruction interceptor: Address: C37E15
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe API/Special instruction interceptor: Address: C120B2
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe API/Special instruction interceptor: Address: 928181
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe API/Special instruction interceptor: Address: 874080
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe API/Special instruction interceptor: Address: 93F069
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe API/Special instruction interceptor: Address: 834E89
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe API/Special instruction interceptor: Address: 965B80
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: EE0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 29D0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2820000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1210000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2D40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2B00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2200000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2470000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2280000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 12A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 3000000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2E60000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1200000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2CB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 4CB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1590000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 3270000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2FB0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 31A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 33D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 3210000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 17B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 32A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2FC0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 11B0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2DE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2C30000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1120000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2900000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 4900000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1160000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2B60000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 4B60000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: EA0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2850000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 4850000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2B10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2CF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 4CF0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 13F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 3140000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 5140000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: D10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2B40000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: D10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1620000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 30F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 16D0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 7F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2600000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2430000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1330000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2D70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 4D70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1350000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2E10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2C10000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1310000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2F20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2D20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1700000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 3140000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2F00000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: B50000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2780000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 25F0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 14A0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2F70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 4F70000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1070000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2E90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2B90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1220000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2CC0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1280000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 1200000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2D90000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 13E0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2C20000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 2DE0000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: 4DE0000 memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Thread delayed: delay time: 600000 Jump to behavior
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\explorer.exe Window / User API: threadDelayed 481 Jump to behavior
Source: C:\Windows\explorer.exe Window / User API: threadDelayed 1092 Jump to behavior
Source: C:\Windows\explorer.exe Window / User API: threadDelayed 958 Jump to behavior
Source: C:\Windows\explorer.exe Window / User API: threadDelayed 361 Jump to behavior
Source: C:\Windows\explorer.exe Window / User API: threadDelayed 3592 Jump to behavior
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 864 Jump to behavior
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 884 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\log4net.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\swiftshader\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\Del.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\Ionic.Zip.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\Uninstall.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\swiftshader\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCBA9.tmp\blowfish.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\libcef.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\widevinecdmadapter.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\d3dcompiler_43.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCBA9.tmp\INetC.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\libEGL.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D57C.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nslCBA9.tmp\nsProcess.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk862A.tmp\liteFirewall.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\setup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\GamePall\vk_swiftshader.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\explorer.exe TID: 7368 Thread sleep time: -109200s >= -30000s Jump to behavior
Source: C:\Windows\explorer.exe TID: 7364 Thread sleep time: -95800s >= -30000s Jump to behavior
Source: C:\Windows\explorer.exe TID: 7692 Thread sleep time: -30300s >= -30000s Jump to behavior
Source: C:\Windows\explorer.exe TID: 7688 Thread sleep time: -36100s >= -30000s Jump to behavior
Source: C:\Windows\explorer.exe TID: 7368 Thread sleep time: -359200s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe TID: 7732 Thread sleep time: -180000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe TID: 7736 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe TID: 5920 Thread sleep time: -600000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe TID: 7652 Thread sleep count: 35 > 30
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_00405B4A CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 9_2_00405B4A
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_004066FF FindFirstFileA,FindClose, 9_2_004066FF
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_004027AA FindFirstFileA, 9_2_004027AA
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Thread delayed: delay time: 600000 Jump to behavior
Source: explorer.exe, 00000001.00000000.1738123019.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: libGLESv2.dll0.9.dr Binary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (!isMesa && IsMaliT8xxOrOlder(functions)) || (!isMesa && IsMaliG31OrOlder(functions))
Source: libGLESv2.dll0.9.dr Binary or memory string: VMware
Source: explorer.exe, 00000001.00000000.1737455091.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1737455091.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000001.00000000.1738123019.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: explorer.exe, 00000001.00000000.1734040387.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000001.00000000.1735578881.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.1738123019.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000001.00000000.1735578881.00000000078AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTTAVMWare
Source: libGLESv2.dll0.9.dr Binary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest
Source: explorer.exe, 00000001.00000000.1737455091.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: explorer.exe, 00000001.00000000.1737455091.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1737455091.000000000982D000.00000004.00000001.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2199759534.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227498984.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2185744877.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2126935511.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227498984.00000000011A8000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000002.2229403299.00000000011A8000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2201140092.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2206702267.00000000011CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2199759534.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2227498984.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2185744877.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2126935511.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2201140092.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2206702267.00000000011CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWq=
Source: explorer.exe, 00000001.00000000.1738123019.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: GamePall.exe, 0000000A.00000002.3553411563.0000000000BA8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllL
Source: explorer.exe, 00000001.00000000.1735578881.0000000007A34000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000001.00000000.1737455091.0000000009660000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000001.00000000.1734040387.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: GamePall.exe, 0000000E.00000002.3517987027.00000000011E6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: explorer.exe, 00000001.00000000.1734040387.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\AppData\Local\Temp\setup.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe System information queried: CodeIntegrityInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh System information queried: CodeIntegrityInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Process queried: DebugPort Jump to behavior
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02E70D90 mov eax, dword ptr fs:[00000030h] 0_2_02E70D90
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02E7092B mov eax, dword ptr fs:[00000030h] 0_2_02E7092B
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Code function: 0_2_02EF3FC8 push dword ptr fs:[00000030h] 0_2_02EF3FC8
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C50D90 mov eax, dword ptr fs:[00000030h] 5_2_02C50D90
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C5092B mov eax, dword ptr fs:[00000030h] 5_2_02C5092B
Source: C:\Users\user\AppData\Roaming\bbehcjh Code function: 5_2_02C82EF0 push dword ptr fs:[00000030h] 5_2_02C82EF0
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Benign windows process drops PE files
Source: C:\Windows\explorer.exe File created: bbehcjh.1.dr Jump to dropped file
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe Network Connect: 127.0.0.127 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 188.114.97.3 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 141.8.192.6 80 Jump to behavior
Source: C:\Windows\explorer.exe Network Connect: 189.61.54.32 80 Jump to behavior
Creates a thread in another existing process (thread injection)
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Thread created: C:\Windows\explorer.exe EIP: 31719D0 Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Thread created: unknown EIP: 8C419D0 Jump to behavior
LummaC encrypted strings found
Source: 9FC5.exe, 00000006.00000002.2228307422.000000000040D000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: pedestriankodwu.xyz
Source: 9FC5.exe, 00000006.00000002.2228307422.000000000040D000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: towerxxuytwi.xyz
Source: 9FC5.exe, 00000006.00000002.2228307422.000000000040D000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: ellaboratepwsz.xyz
Source: 9FC5.exe, 00000006.00000002.2228307422.000000000040D000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: penetratedpoopp.xyz
Source: 9FC5.exe, 00000006.00000002.2228307422.000000000040D000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: swellfrrgwwos.xyz
Source: 9FC5.exe, 00000006.00000002.2228307422.000000000040D000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: contintnetksows.shop
Source: 9FC5.exe, 00000006.00000002.2228307422.000000000040D000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: foodypannyjsud.shop
Source: 9FC5.exe, 00000006.00000002.2228307422.000000000040D000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: potterryisiw.shop
Maps a DLL or memory area into another process
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: read write Jump to behavior
Source: C:\Users\user\Desktop\NhWAWEhCi7.exe Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Section loaded: NULL target: C:\Windows\explorer.exe protection: read write Jump to behavior
Source: C:\Users\user\AppData\Roaming\bbehcjh Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3420 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --mojo-platform-channel-handle=3784 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013536112 --mojo-platform-channel-handle=4012 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5.1 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\user\AppData\Roaming\GamePall\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013552940 --mojo-platform-channel-handle=4092 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "C:\Users\user\AppData\Roaming\GamePall\GamePall.exe"
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: unknown unknown
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --lang=en-us --user-data-dir="c:\users\user\appdata\local\cef\user data" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:2
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-us --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --lang=en-us --user-data-dir="c:\users\user\appdata\local\cef\user data" --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --mojo-platform-channel-handle=3420 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:8
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --lang=en-us --user-data-dir="c:\users\user\appdata\local\cef\user data" --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --mojo-platform-channel-handle=3784 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:8
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=renderer --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --user-data-dir="c:\users\user\appdata\local\cef\user data" --first-renderer-process --no-sandbox --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013536112 --mojo-platform-channel-handle=4012 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:1
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=renderer --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --user-data-dir="c:\users\user\appdata\local\cef\user data" --no-sandbox --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013552940 --mojo-platform-channel-handle=4092 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:1
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --lang=en-us --user-data-dir="c:\users\user\appdata\local\cef\user data" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-us --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --lang=en-us --user-data-dir="c:\users\user\appdata\local\cef\user data" --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --mojo-platform-channel-handle=3420 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-us --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --lang=en-us --user-data-dir="c:\users\user\appdata\local\cef\user data" --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --mojo-platform-channel-handle=3784 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=renderer --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --user-data-dir="c:\users\user\appdata\local\cef\user data" --first-renderer-process --no-sandbox --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013536112 --mojo-platform-channel-handle=4012 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Process created: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe "c:\users\user\appdata\roaming\gamepall\gamepall.exe" --type=renderer --log-severity=disable --user-agent="mozilla/5.0 (macintosh; cpu os 17_5_1 like mac os x) applewebkit/605.1.15 (khtml, like gecko) version/17.5.1 mobile/15e148 safari/604.1" --user-data-dir="c:\users\user\appdata\local\cef\user data" --no-sandbox --log-file="c:\users\user\appdata\roaming\gamepall\debug.log" --lang=en-us --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1719821616869761 --launch-time-ticks=6013552940 --mojo-platform-channel-handle=4092 --field-trial-handle=3180,i,14998134109693806898,1323138317393721428,262144 --disable-features=backforwardcache,calculatenativewinocclusion,documentpictureinpictureapi /prefetch:1 Jump to behavior
Source: explorer.exe, 00000001.00000000.1734345656.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1737455091.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1735394028.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1734345656.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.1734040387.0000000001248000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1734345656.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1734345656.00000000018A0000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Newtonsoft.Json.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\log4net.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Users\user\AppData\Roaming\GamePall\Xilium.CefGlue.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\setup.exe Code function: 9_2_004034CC EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 9_2_004034CC
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: 9FC5.exe, 00000006.00000003.2199759534.00000000011CD000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2199874721.0000000001270000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2206598925.0000000001240000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2199469445.000000000126F000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000002.2229640977.0000000001240000.00000004.00000020.00020000.00000000.sdmp, 9FC5.exe, 00000006.00000003.2201140092.00000000011CD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information
barindex
Yara detected LummaC Stealer
Source: Yara match File source: Process Memory Space: 9FC5.exe PID: 7716, type: MEMORYSTR
Yara detected SmokeLoader
Source: Yara match File source: 00000000.00000002.1751297213.0000000002E80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1751333765.0000000002EA1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1990748003.0000000004851000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1990664978.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Found many strings related to Crypto-Wallets (likely being stolen)
Source: 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
Source: 9FC5.exe, 00000006.00000002.2229611339.0000000001235000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: s/ElectronCash
Source: 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: 9FC5.exe, 00000006.00000003.2126892798.0000000001231000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: { "en": "cjelfplplebdjjenllpjcblmjkfcffne", "ez": "Jaxx Liberty" },
Source: 9FC5.exe, 00000006.00000003.2126892798.0000000001231000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: "p": "%appdata%\\Exodus\\exodus.wallet",
Source: 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
Source: 9FC5.exe, 00000006.00000002.2229430748.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Ethereum
Source: 9FC5.exe, 00000006.00000003.2185744877.00000000011CF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: 9FC5.exe, 00000006.00000003.2186202154.00000000011B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Binance Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Binance Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB Jump to behavior
Searches for user specific document files
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\BPMLNOBVSB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\BPMLNOBVSB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\FENIVHOIKN Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\FENIVHOIKN Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\LTKMYBSEYZ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\NWTVCDUMOB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\NWTVCDUMOB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\FENIVHOIKN Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\FENIVHOIKN Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\NWTVCDUMOB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents\NWTVCDUMOB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9FC5.exe Directory queried: C:\Users\user\Documents Jump to behavior
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Source: C:\Users\user\AppData\Roaming\GamePall\GamePall.exe Directory queried: number of queries: 1694
Yara detected Credential Stealer
Source: Yara match File source: 00000006.00000003.2185744877.00000000011CF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: 9FC5.exe PID: 7716, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected LummaC Stealer
Source: Yara match File source: Process Memory Space: 9FC5.exe PID: 7716, type: MEMORYSTR
Yara detected SmokeLoader
Source: Yara match File source: 00000000.00000002.1751297213.0000000002E80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1751333765.0000000002EA1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1990748003.0000000004851000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1990664978.0000000004820000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1465150 Sample: NhWAWEhCi7.exe Startdate: 01/07/2024 Architecture: WINDOWS Score: 100 106 Found malware configuration 2->106 108 Malicious sample detected (through community Yara rule) 2->108 110 Antivirus detection for dropped file 2->110 112 8 other signatures 2->112 12 NhWAWEhCi7.exe 2->12         started        15 bbehcjh 2->15         started        process3 signatures4 140 Detected unpacking (changes PE section rights) 12->140 142 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 12->142 144 Maps a DLL or memory area into another process 12->144 146 Switches to a custom stack to bypass stack traces 12->146 17 explorer.exe 51 8 12->17 injected 148 Machine Learning detection for dropped file 15->148 150 Checks if the current machine is a virtual machine (disk enumeration) 15->150 152 Creates a thread in another existing process (thread injection) 15->152 process5 dnsIp6 92 141.8.192.6 SPRINTHOSTRU Russian Federation 17->92 94 189.61.54.32 CLAROSABR Brazil 17->94 96 127.0.0.127 unknown unknown 17->96 68 C:\Users\user\AppData\Roaming\bbehcjh, PE32 17->68 dropped 70 C:\Users\user\AppData\Local\Temp\D57C.exe, PE32 17->70 dropped 72 C:\Users\user\AppData\Local\Temp\9FC5.exe, PE32 17->72 dropped 74 C:\Users\user\...\bbehcjh:Zone.Identifier, ASCII 17->74 dropped 120 System process connects to network (likely due to code injection or exploit) 17->120 122 Benign windows process drops PE files 17->122 124 Deletes itself after installation 17->124 126 Hides that the sample has been downloaded from the Internet (zone.identifier) 17->126 22 D57C.exe 3 35 17->22         started        26 9FC5.exe 17->26         started        file7 signatures8 process9 dnsIp10 76 C:\Users\user\AppData\Local\Temp\setup.exe, PE32 22->76 dropped 78 C:\Users\user\AppData\Local\...\blowfish.dll, PE32 22->78 dropped 80 C:\Users\user\AppData\Local\...\huge[1].dat, PE32 22->80 dropped 82 2 other files (none is malicious) 22->82 dropped 128 Antivirus detection for dropped file 22->128 130 Multi AV Scanner detection for dropped file 22->130 29 setup.exe 9 112 22->29         started        104 188.114.97.3 CLOUDFLARENETUS European Union 26->104 132 Query firmware table information (likely to detect VMs) 26->132 134 Machine Learning detection for dropped file 26->134 136 Found many strings related to Crypto-Wallets (likely being stolen) 26->136 138 4 other signatures 26->138 file11 signatures12 process13 file14 84 C:\Users\user\AppData\...\vulkan-1.dll, PE32 29->84 dropped 86 C:\Users\user\AppData\...\vk_swiftshader.dll, PE32 29->86 dropped 88 C:\Users\user\AppData\...\libGLESv2.dll, PE32 29->88 dropped 90 16 other files (13 malicious) 29->90 dropped 154 Antivirus detection for dropped file 29->154 33 GamePall.exe 17 23 29->33         started        signatures15 process16 dnsIp17 98 172.67.221.174 CLOUDFLARENETUS United States 33->98 114 Antivirus detection for dropped file 33->114 116 Multi AV Scanner detection for dropped file 33->116 118 Machine Learning detection for dropped file 33->118 37 GamePall.exe 33->37         started        39 GamePall.exe 33->39         started        42 GamePall.exe 33->42         started        44 6 other processes 33->44 signatures18 process19 dnsIp20 46 GamePall.exe 37->46         started        48 GamePall.exe 37->48         started        50 GamePall.exe 37->50         started        52 10 other processes 37->52 100 139.45.197.238 RETN-ASEU Netherlands 39->100 102 1.1.1.1 CLOUDFLARENETUS Australia 39->102 process21 process22 54 GamePall.exe 46->54         started        56 GamePall.exe 46->56         started        58 GamePall.exe 46->58         started        60 GamePall.exe 46->60         started        62 GamePall.exe 48->62         started        64 GamePall.exe 48->64         started        66 GamePall.exe 48->66         started       
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
139.45.197.238
 unknown Netherlands
9002 RETN-ASEU false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
188.114.97.3
 unknown European Union
13335 CLOUDFLARENETUS true
141.8.192.6
 unknown Russian Federation
35278 SPRINTHOSTRU true
189.61.54.32
 unknown Brazil
28573 CLAROSABR true
172.67.221.174
 unknown United States
13335 CLOUDFLARENETUS false

Private

IP
127.0.0.127

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://cx5519.com/tmp/index.php true
    http://evilos.cc/tmp/index.php true
      ellaboratepwsz.xyz true
        swellfrrgwwos.xyz true
          foodypannyjsud.shop true