Malware analysis https://anonfile.com/t8r060hao3/Gamesense_Loader_Cracked_zip Malicious activity

analyze malware

Huge database of samples and IOCs
Custom VM setup
Unlimited submissions
Interactive approach

Add for printing

URL:	https://anonfile.com/t8r060hao3/Gamesense_Loader_Cracked_zip
Full analysis:	https://app.any.run/tasks/81cdb65d-1f9f-4e51-9949-2e5238c7f929
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. NanoCore is a Remote Access Trojan or RAT. This malware is highly customizable with plugins which allow attackers to tailor its functionality to their needs. Nanocore is created with the .NET framework and it’s available for purchase for just $25 from its “official” website. Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links. Malware Trends Tracker >>>
Analysis date:	March 14, 2020, 17:24:05
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	loader rat nanocore
Indicators:
MD5:	FB8C919B364571A960E4437BBAD6811A
SHA1:	79C28A3A1844743DFDD56E111C176DA36470D647
SHA256:	0F286A62F1107A12E5632EF2F0FBE79BFFD3679EAAFDBCBFBC19C608D6B8EE22
SSDEEP:	3:N8RGGdpnkhz+6MXQQn:2gKk/MAQn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.17843 KB3058515
Adobe Acrobat Reader DC MUI (15.023.20070)
Adobe Flash Player 26 ActiveX (26.0.0.131)
Adobe Flash Player 26 NPAPI (26.0.0.131)
Adobe Flash Player 26 PPAPI (26.0.0.131)
Adobe Refresh Manager (1.8.0)
CCleaner (5.35)
FileZilla Client 3.36.0 (3.36.0)
Google Chrome (75.0.3770.100)
Google Update Helper (1.3.34.7)
Java 8 Update 92 (8.0.920.14)
Java Auto Updater (2.8.92.14)
Microsoft .NET Framework 4.7.2 (4.7.03062)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
Mozilla Firefox 68.0.1 (x86 en-US) (68.0.1)
Notepad++ (32-bit x86) (7.5.1)
Opera 12.15 (12.15.1748)
Skype version 8.29 (8.29)
Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
VLC media player (2.2.6)
WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

Client LanguagePack Package
Client Refresh LanguagePack Package
CodecPack Basic Package
Foundation Package
IE Hyphenation Parent Package English
IE Spelling Parent Package English
IE Troubleshooters Package
InternetExplorer Optional Package
InternetExplorer Package TopLevel
KB2533623
KB2534111
KB2639308
KB2729094
KB2731771
KB2786081
KB2834140
KB2882822
KB2888049
KB2999226
KB4019990
KB976902
LocalPack AU Package
LocalPack CA Package
LocalPack GB Package
LocalPack US Package
LocalPack ZA Package
PlatformUpdate Win7 SRV08R2 Package TopLevel
ProfessionalEdition
UltimateEdition

Add for printing

MALICIOUS
- Application was dropped or rewritten from another process
  - Your File Is Ready To Download_1202536681.exe (PID: 2868)
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
  - Gamesense Loader Cracked.exe (PID: 2680)
  - Gamesense Loader Cracked.exe (PID: 2540)
  - Gamesense Loader Cracked.exe (PID: 3516)
  - Gamesense Loader Cracked.exe (PID: 924)
- Downloads executable files from the Internet
  - iexplore.exe (PID: 1928)
- Loads dropped or rewritten executable
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
- NANOCORE was detected
  - Gamesense Loader Cracked.exe (PID: 2680)
- Changes the autorun value in the registry
  - Gamesense Loader Cracked.exe (PID: 2680)
- Changes settings of System certificates
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
SUSPICIOUS
- Executed via COM
  - FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2684)
- Executable content was dropped or overwritten
  - iexplore.exe (PID: 1928)
  - iexplore.exe (PID: 2884)
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
  - Gamesense Loader Cracked.exe (PID: 2680)
- Application launched itself
  - Your File Is Ready To Download_1202536681.exe (PID: 2868)
- Reads Environment values
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
- Reads Internet Cache Settings
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
- Cleans NTFS data-stream (Zone Identifier)
  - Your File Is Ready To Download_1202536681.exe (PID: 2868)
- Reads internet explorer settings
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
- Starts Internet Explorer
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
- Connects to unusual port
  - Gamesense Loader Cracked.exe (PID: 2680)
- Creates files in the user directory
  - Gamesense Loader Cracked.exe (PID: 2680)
- Adds / modifies Windows certificates
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
INFO
- Changes internet zones settings
  - iexplore.exe (PID: 2884)
  - IEXPLORE.EXE (PID: 3388)
- Creates files in the user directory
  - FlashUtil32_26_0_0_131_ActiveX.exe (PID: 2684)
  - iexplore.exe (PID: 952)
  - iexplore.exe (PID: 1928)
  - iexplore.exe (PID: 2884)
- Reads internet explorer settings
  - iexplore.exe (PID: 952)
  - iexplore.exe (PID: 1928)
- Reads Internet Cache Settings
  - iexplore.exe (PID: 952)
  - iexplore.exe (PID: 2884)
  - iexplore.exe (PID: 1928)
  - IEXPLORE.EXE (PID: 3388)
  - IEXPLORE.EXE (PID: 2760)
- Application launched itself
  - iexplore.exe (PID: 2884)
  - IEXPLORE.EXE (PID: 3388)
- Modifies the phishing filter of IE
  - iexplore.exe (PID: 2884)
- Reads settings of System Certificates
  - Your File Is Ready To Download_1202536681.exe (PID: 2404)
  - iexplore.exe (PID: 1928)
  - iexplore.exe (PID: 2884)
  - IEXPLORE.EXE (PID: 2760)
- Changes settings of System certificates
  - IEXPLORE.EXE (PID: 2760)
  - iexplore.exe (PID: 2884)
- Adds / modifies Windows certificates
  - IEXPLORE.EXE (PID: 2760)
  - iexplore.exe (PID: 2884)
- Manual execution by user
  - Gamesense Loader Cracked.exe (PID: 2680)
  - Gamesense Loader Cracked.exe (PID: 2540)
  - Gamesense Loader Cracked.exe (PID: 924)
  - Gamesense Loader Cracked.exe (PID: 3516)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID	CMD	Path	Indicators	Parent process
2884	"C:\Program Files\Internet Explorer\iexplore.exe" https://anonfile.com/t8r060hao3/Gamesense_Loader_Cracked_zip	C:\Program Files\Internet Explorer\iexplore.exe		explorer.exe
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
952	"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2884 CREDAT:267521 /prefetch:2	C:\Program Files\Internet Explorer\iexplore.exe		iexplore.exe
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2684	C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding	C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe	—	svchost.exe
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe® Flash® Player Installer/Uninstaller 26.0 r0 Exit code: 0 Version: 26,0,0,131
1928	"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2884 CREDAT:2954502 /prefetch:2	C:\Program Files\Internet Explorer\iexplore.exe		iexplore.exe
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2868	"C:\Users\admin\Downloads\Your File Is Ready To Download_1202536681.exe"	C:\Users\admin\Downloads\Your File Is Ready To Download_1202536681.exe	—	iexplore.exe
User: admin Company: Pogo Integrity Level: MEDIUM Description: Napalop Setup Exit code: 0 Version:
2404	"C:\Users\admin\Downloads\Your File Is Ready To Download_1202536681.exe" RSF /ppn:YWV4dQ0KChAjb3J1FQUI /ads:1 /mnl	C:\Users\admin\Downloads\Your File Is Ready To Download_1202536681.exe		Your File Is Ready To Download_1202536681.exe
User: admin Company: Pogo Integrity Level: HIGH Description: Napalop Setup Exit code: 0 Version:
3388	"C:\Program Files\Internet Explorer\IEXPLORE.EXE" https://windowsguidenews.com/9dwz4tsw3nl8toa_yeDFoR53Y6fU6CRfnkFFk3nGWss?clck=[CLICK_ID]&sid=[SUB_ID]&utm_campaign=NTY4ZwSkM49F46fxCZIxO3GwMjE0Nu6F	C:\Program Files\Internet Explorer\IEXPLORE.EXE	—	Your File Is Ready To Download_1202536681.exe
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2760	"C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3388 CREDAT:275457 /prefetch:2	C:\Program Files\Internet Explorer\IEXPLORE.EXE		IEXPLORE.EXE
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3588	"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Gamesense Loader Cracked.zip"	C:\Program Files\WinRAR\WinRAR.exe	—	iexplore.exe
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0
2680	"C:\Users\admin\Desktop\Gamesense Loader Cracked.exe"	C:\Users\admin\Desktop\Gamesense Loader Cracked.exe		explorer.exe
User: admin Integrity Level: MEDIUM

Add for printing

Total events

10 064

Read events

3 392

Write events

Delete events

Modification events

No data

Add for printing

Executable files

Suspicious files

168

Text files

180

Unknown types

Dropped files

PID	Process	Filename		Type
952	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\Cab5FBC.tmp		—
		MD5:—	SHA256:—
952	iexplore.exe	C:\Users\admin\AppData\Local\Temp\Low\Tar5FBD.tmp		—
		MD5:—	SHA256:—
952	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B		binary
		MD5:BC4F6467F4B0BB6C3AE8E6AB3898A4AE	SHA256:29857E6214016743A6B6E8C7B3D6EDEE8D8213B24CEAF5F79B318D9B31DC4533
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\app[1].js		text
		MD5:E8E6A5F15E3D00FF686FE32F1359EDCD	SHA256:A5C081C6AC54675CC286054E56D436920490A8B2CCAD24B2DE7406CBC5F193EE
952	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DC3E633EDFAEFC3AA3C99552548EC2F		binary
		MD5:F21B099CE769E9638114EF2CEDE4F972	SHA256:CBF857D070FC74FA71C1491A41D3A0F1D5F65B6C495DF6210190B3EB4CA97395
952	iexplore.exe	C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\PGXAICWX.txt		text
		MD5:CCD8650C5D15962659BA52AE7C08B859	SHA256:4523F91569698FC1A4F8E663CBFD22D600527157FDEDC8BF9AD194079F517131
952	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1		der
		MD5:84CBDB12DAB14AAA66363087104FF823	SHA256:FEB087A3AE5D5D210D925A72B7818D55C13E0F7AC7A7AA81BCB8D6AE844D1CCB
952	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623		der
		MD5:510AE61A7EEC5DED5B32FAC228294244	SHA256:9FDB290FD354F93D2F905E0D1EBE1197DF03D25CD3576AF9C9F6C6D9E7116D60
952	iexplore.exe	C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\anonfile[1].css		text
		MD5:CBC06DA43445DA0E78438E6380A8034D	SHA256:41D2123ADF0016A66F0AC93055CD7FD0E57D52471159EFA8A2C5E8D040CABAA9
952	iexplore.exe	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DC3E633EDFAEFC3AA3C99552548EC2F		der
		MD5:E701C5A019A24C83DEFA7D6B764A0CB5	SHA256:9AC6DE9A8D95EFF32BAF1188340B43481B79F5A7FFEDADCEC88CC377A94CC004

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

164

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
952	iexplore.exe	GET	200	172.217.23.131:80	http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D	US	der	468 b	whitelisted
952	iexplore.exe	GET	200	172.217.23.131:80	http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D	US	der	468 b	whitelisted
952	iexplore.exe	GET	200	104.18.20.226:80	http://ocsp.globalsign.com/rootr1/ME8wTTBLMEkwRzAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCDkbwjNvPLFRm7zMB3V80	US	der	1.49 Kb	whitelisted
952	iexplore.exe	GET	200	72.21.91.29:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D	US	der	471 b	whitelisted
952	iexplore.exe	GET	200	172.217.23.131:80	http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCRAwJSVHJPDgIAAAAAW2d1	US	der	472 b	whitelisted
952	iexplore.exe	GET	200	23.37.43.27:80	http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D	NL	der	1.71 Kb	shared
952	iexplore.exe	GET	200	72.21.91.29:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAZxA2Ypu6Rs2Nq4b2vIbok%3D	US	der	279 b	whitelisted
952	iexplore.exe	GET	200	172.217.23.131:80	http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCRAwJSVHJPDgIAAAAAW2d1	US	der	472 b	whitelisted
952	iexplore.exe	GET	200	72.21.91.29:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAZxA2Ypu6Rs2Nq4b2vIbok%3D	US	der	279 b	whitelisted
952	iexplore.exe	GET	200	23.37.43.27:80	http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEGMYDTj7gJd4qdA1oxYY%2BEA%3D	NL	der	1.71 Kb	shared

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
952	iexplore.exe	172.217.23.131:80	ocsp.pki.goog	Google Inc.	US	whitelisted
952	iexplore.exe	23.37.43.27:80	s.symcd.com	Akamai Technologies, Inc.	NL	whitelisted
952	iexplore.exe	72.21.91.29:80	ocsp.digicert.com	MCI Communications Services, Inc. d/b/a Verizon Business	US	whitelisted
952	iexplore.exe	151.101.2.217:443	vjs.zencdn.net	Fastly	US	suspicious
952	iexplore.exe	104.18.20.226:80	ocsp.globalsign.com	Cloudflare Inc	US	shared
952	iexplore.exe	104.18.38.148:443	shermore.info	Cloudflare Inc	US	shared
952	iexplore.exe	172.64.197.17:443	anonfile.com	Cloudflare Inc	US	shared
952	iexplore.exe	143.204.98.150:443	d3ud741uvs727m.cloudfront.net	—	US	suspicious
952	iexplore.exe	216.58.206.8:443	www.googletagmanager.com	Google Inc.	US	whitelisted
952	iexplore.exe	216.58.210.14:443	www.google-analytics.com	Google Inc.	US	whitelisted

DNS requests

Domain	IP	Reputation
anonfile.com	172.64.197.17 172.64.196.17	whitelisted
ocsp.digicert.com	72.21.91.29	whitelisted
vjs.zencdn.net	151.101.2.217 151.101.66.217 151.101.130.217 151.101.194.217	whitelisted
www.googletagmanager.com	216.58.206.8	whitelisted
shermore.info	104.18.38.148 104.18.39.148	whitelisted
d3ud741uvs727m.cloudfront.net	143.204.98.150 143.204.98.167 143.204.98.51 143.204.98.31	whitelisted
ocsp.globalsign.com	104.18.20.226 104.18.21.226	whitelisted
s.symcd.com	23.37.43.27	shared
ocsp.pki.goog	172.217.23.131	whitelisted
www.google-analytics.com	216.58.210.14	whitelisted

Threats

PID	Process	Class	Message
—	—	Potentially Bad Traffic	ET INFO DNS Query for Suspicious .icu Domain
1928	iexplore.exe	Potentially Bad Traffic	ET INFO Suspicious Domain (*.icu) in TLS SNI
1928	iexplore.exe	Potentially Bad Traffic	ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.icu)
1928	iexplore.exe	Potentially Bad Traffic	ET INFO Observed Let's Encrypt Certificate for Suspicious TLD (.icu)
1928	iexplore.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP
1928	iexplore.exe	Misc activity	ET INFO EXE - Served Attached HTTP
2680	Gamesense Loader Cracked.exe	Potentially Bad Traffic	ET POLICY DNS Query to DynDNS Domain *.ddns .net
2680	Gamesense Loader Cracked.exe	Potentially Bad Traffic	ET POLICY DNS Query to DynDNS Domain *.ddns .net

Add for printing

No debug info

General Info

https://anonfile.com/t8r060hao3/Gamesense_Loader_Cracked_zip

FB8C919B364571A960E4437BBAD6811A

79C28A3A1844743DFDD56E111C176DA36470D647

0F286A62F1107A12E5632EF2F0FBE79BFFD3679EAAFDBCBFBC19C608D6B8EE22

3:N8RGGdpnkhz+6MXQQn:2gKk/MAQn

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Application was dropped or rewritten from another process

Downloads executable files from the Internet

Loads dropped or rewritten executable

NANOCORE was detected

Changes the autorun value in the registry

Changes settings of System certificates

SUSPICIOUS

Executed via COM

Executable content was dropped or overwritten

Application launched itself

Reads Environment values

Reads Internet Cache Settings

Cleans NTFS data-stream (Zone Identifier)

Reads internet explorer settings

Starts Internet Explorer

Connects to unusual port

Creates files in the user directory

Adds / modifies Windows certificates

INFO

Changes internet zones settings

Creates files in the user directory

Reads internet explorer settings

Reads Internet Cache Settings

Application launched itself

Modifies the phishing filter of IE

Reads settings of System Certificates

Changes settings of System certificates

Adds / modifies Windows certificates

Manual execution by user

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Information

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings