Malware analysis ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe Malicious activity

Add for printing

File name:	ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe
Full analysis:	https://app.any.run/tasks/3f21eaa8-8211-4cb2-8650-dbea4122ad34
Verdict:	Malicious activity
Analysis date:	February 25, 2025, 13:52:48
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:	49ECE4FBF7871DD71A110F63D50B610F
SHA1:	E231B2B71013F2162E6A00B2FC8124620C4599E5
SHA256:	5FC980F6FF110DAE9465213F196C91360EFE7C4EECA7431EE984E4D8F1A9CA70
SSDEEP:	98304:SJQjo0l7n2ygmR46higoL5gplnzceVbXn5vPStdFu1fPW0kR8WuTaMn/sUaTSDFF:OFogtLCPepDgXC+TMu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Executable content was dropped or overwritten
  - ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe (PID: 6576)
  - VersionService.exe (PID: 6972)
- Process drops legitimate windows executable
  - VersionService.exe (PID: 6972)
- The process creates files with name similar to system file names
  - VersionService.exe (PID: 6972)
- The process drops C-runtime libraries
  - VersionService.exe (PID: 6972)
- There is functionality for taking screenshot (YARA)
  - ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe (PID: 6576)
  - service.exe (PID: 3152)
- Uses REG/REGEDIT.EXE to modify registry
  - ArenaBreakoutInfiniteMiniloader.exe (PID: 6836)
- Reads security settings of Internet Explorer
  - ArenaBreakoutInfiniteMiniloader.exe (PID: 6836)
- Application launched itself
  - tbs_browser.exe (PID: 4952)
- Creates a software uninstall entry
  - VersionService.exe (PID: 6972)
INFO
- Create files in a temporary directory
  - ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe (PID: 6576)
  - tbs_browser.exe (PID: 4952)
- The sample compiled with chinese language support
  - ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe (PID: 6576)
  - VersionService.exe (PID: 6972)
- Creates files or folders in the user directory
  - ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe (PID: 6576)
  - ArenaBreakoutInfiniteMiniloader.exe (PID: 6836)
  - VersionService.exe (PID: 6972)
  - arena_breakout_infinite_launcher.exe (PID: 5112)
  - tbs_browser.exe (PID: 5736)
  - service.exe (PID: 3152)
  - tbs_browser.exe (PID: 4952)
  - tbs_browser.exe (PID: 3680)
- Checks supported languages
  - ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe (PID: 6576)
  - ArenaBreakoutInfiniteMiniloader.exe (PID: 6836)
  - VersionService.exe (PID: 6972)
  - arena_breakout_infinite_launcher.exe (PID: 5112)
  - service.exe (PID: 3152)
  - tbs_browser.exe (PID: 5736)
  - tbs_browser.exe (PID: 1400)
  - tbs_browser.exe (PID: 4952)
  - tbs_browser.exe (PID: 6232)
  - tbs_browser.exe (PID: 5304)
- Reads the computer name
  - ArenaBreakoutInfiniteMiniloader.exe (PID: 6836)
  - VersionService.exe (PID: 6972)
  - arena_breakout_infinite_launcher.exe (PID: 5112)
  - service.exe (PID: 3152)
  - tbs_browser.exe (PID: 4952)
- Reads the machine GUID from the registry
  - ArenaBreakoutInfiniteMiniloader.exe (PID: 6836)
  - VersionService.exe (PID: 6972)
  - arena_breakout_infinite_launcher.exe (PID: 5112)
  - service.exe (PID: 3152)
- The sample compiled with english language support
  - VersionService.exe (PID: 6972)
- Creates files in the program directory
  - VersionService.exe (PID: 6972)
  - service.exe (PID: 3152)
- Process checks computer location settings
  - ArenaBreakoutInfiniteMiniloader.exe (PID: 6836)
  - tbs_browser.exe (PID: 1400)
  - tbs_browser.exe (PID: 4952)
  - tbs_browser.exe (PID: 6232)
- Checks proxy server information
  - service.exe (PID: 3152)
  - tbs_browser.exe (PID: 4952)
- Reads CPU info
  - arena_breakout_infinite_launcher.exe (PID: 5112)
- Reads the software policy settings
  - tbs_browser.exe (PID: 4952)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win32 Executable MS Visual C++ (generic) (42.2)
.exe	\|	Win64 Executable (generic) (37.3)
.dll	\|	Win32 Dynamic Link Library (generic) (8.8)
.exe	\|	Win32 Executable (generic) (6)
.exe	\|	Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2023:07:02 02:11:15+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, 32-bit
PEType:	PE32
LinkerVersion:	6
CodeSize:	28672
InitializedDataSize:	150528
UninitializedDataSize:	2048
EntryPoint:	0x3ac9
OSVersion:	4
ImageVersion:	6
SubsystemVersion:	4
Subsystem:	Windows GUI
FileVersionNumber:	0.0.6.235
ProductVersionNumber:	0.0.6.235
FileFlagsMask:	0x0000
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Chinese (Simplified)
CharacterSet:	Windows, Chinese (Simplified)
Comments:	-
CompanyName:	PROXIMA BETA PTE. LIMITED
FileDescription:	-
FileVersion:	0.0.6.235
LegalCopyright:	-
LegalTrademarks:	-
ProductName:	ArenaBreakoutInfiniteMiniloader
ProductVersion:	0.0.6.235

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

146

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1144

"C:\Arena Breakout Infinite\launcher\Service\tbs_browser.exe" --type=gpu-process --field-trial-handle=1624,17167960544772919393,4593162826503421164,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --lang=en-US --user-data-dir="C:\Users\admin\AppData\Local\CEF\User Data" --disable-databases --gpu-preferences=UAAAAAAAAADgAAAIAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Arena Breakout Infinite\launcher\Service\debug.log" --mojo-platform-channel-handle=1636 /prefetch:2

C:\Arena Breakout Infinite\launcher\service\tbs_browser.exe

—

tbs_browser.exe

User:

admin

Integrity Level:

HIGH

Modules

Images
c:\arena breakout infinite\launcher\service\tbs_browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

1400

"C:\Arena Breakout Infinite\launcher\Service\tbs_browser.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Local\CEF\User Data" --disable-databases --no-sandbox --log-file="C:\Arena Breakout Infinite\launcher\Service\debug.log" --field-trial-handle=1624,17167960544772919393,4593162826503421164,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1

C:\Arena Breakout Infinite\launcher\service\tbs_browser.exe

tbs_browser.exe

User:

admin

Integrity Level:

HIGH

Modules

Images
c:\arena breakout infinite\launcher\service\tbs_browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

3152

--LauncherPID=5112 --ParentName=arena_breakout_infinite_launcher

C:\Arena Breakout Infinite\launcher\service\service.exe

arena_breakout_infinite_launcher.exe

User:

admin

Company:

PROXIMA BETA PTE. LIMITED

Integrity Level:

HIGH

Version:

2.1.0.898

Modules

Images
c:\arena breakout infinite\launcher\service\service.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll

3680

"C:\Arena Breakout Infinite\launcher\Service\tbs_browser.exe" --type=gpu-process --field-trial-handle=1624,17167960544772919393,4593162826503421164,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-sandbox --lang=en-US --user-data-dir="C:\Users\admin\AppData\Local\CEF\User Data" --disable-databases --gpu-preferences=UAAAAAAAAADoAAAIAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Arena Breakout Infinite\launcher\Service\debug.log" --mojo-platform-channel-handle=2100 /prefetch:2

C:\Arena Breakout Infinite\launcher\service\tbs_browser.exe

tbs_browser.exe

User:

admin

Integrity Level:

HIGH

Exit code:

Modules

Images
c:\arena breakout infinite\launcher\service\tbs_browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

4952

--ProductName=arena_breakout_infinite_launcher --ParentPid=5112, --ParentHwnd=459458 --IPCHwnd=459410 --Rect=0,0,510,800 --Url=

C:\Arena Breakout Infinite\launcher\service\tbs_browser.exe

arena_breakout_infinite_launcher.exe

User:

admin

Integrity Level:

HIGH

Modules

Images
c:\arena breakout infinite\launcher\service\tbs_browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

5112

"C:\Arena Breakout Infinite\launcher\arena_breakout_infinite_launcher.exe"

C:\Arena Breakout Infinite\launcher\arena_breakout_infinite_launcher.exe

ArenaBreakoutInfiniteMiniloader.exe

User:

admin

Company:

PROXIMA BETA PTE. LIMITED

Integrity Level:

HIGH

Version:

2.1.0.898

Modules

Images
c:\arena breakout infinite\launcher\arena_breakout_infinite_launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

5236

"C:\Windows\System32\regedit.exe" /s "C:\Users\admin\AppData\Roaming\arena_breakout_infinite_launcher.reg"

C:\Windows\SysWOW64\regedit.exe

—

ArenaBreakoutInfiniteMiniloader.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Registry Editor

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\syswow64\regedit.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

5304

"C:\Arena Breakout Infinite\launcher\Service\tbs_browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1624,17167960544772919393,4593162826503421164,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=utility --no-sandbox --lang=en-US --user-data-dir="C:\Users\admin\AppData\Local\CEF\User Data" --disable-databases --log-file="C:\Arena Breakout Infinite\launcher\Service\debug.log" --mojo-platform-channel-handle=1860 /prefetch:8

C:\Arena Breakout Infinite\launcher\service\tbs_browser.exe

—

tbs_browser.exe

User:

admin

Integrity Level:

HIGH

Modules

Images
c:\arena breakout infinite\launcher\service\tbs_browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

5736

"C:\Arena Breakout Infinite\launcher\Service\tbs_browser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,17167960544772919393,4593162826503421164,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=none --no-sandbox --lang=en-US --user-data-dir="C:\Users\admin\AppData\Local\CEF\User Data" --disable-databases --log-file="C:\Arena Breakout Infinite\launcher\Service\debug.log" --mojo-platform-channel-handle=1868 /prefetch:8

C:\Arena Breakout Infinite\launcher\service\tbs_browser.exe

tbs_browser.exe

User:

admin

Integrity Level:

HIGH

Modules

Images
c:\arena breakout infinite\launcher\service\tbs_browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

6232

"C:\Arena Breakout Infinite\launcher\Service\tbs_browser.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Local\CEF\User Data" --disable-databases --no-sandbox --log-file="C:\Arena Breakout Infinite\launcher\Service\debug.log" --field-trial-handle=1624,17167960544772919393,4593162826503421164,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2040 /prefetch:1

C:\Arena Breakout Infinite\launcher\service\tbs_browser.exe

tbs_browser.exe

User:

admin

Integrity Level:

HIGH

Modules

Images
c:\arena breakout infinite\launcher\service\tbs_browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll

Add for printing

Total events

8 687

Read events

8 673

Write events

Delete events

Modification events


(PID) Process:	(6972) VersionService.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\arena_breakout_infinite_launcher.exe
Operation:	write	Name:	InstallPath
Value: C:\Arena Breakout Infinite\launcher\arena_breakout_infinite_launcher.exe
(PID) Process:	(6972) VersionService.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\arena_breakout_infinite_launcher
Operation:	write	Name:	UninstallString
Value: C:\Arena Breakout Infinite\launcher\uninst.exe
(PID) Process:	(6972) VersionService.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\arena_breakout_infinite_launcher
Operation:	write	Name:	DisplayName
Value: Arena Breakout Infinite
(PID) Process:	(6972) VersionService.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\arena_breakout_infinite_launcher
Operation:	write	Name:	Publisher
Value:
(PID) Process:	(6972) VersionService.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\arena_breakout_infinite_launcher
Operation:	write	Name:	DisplayIcon
Value: C:\Arena Breakout Infinite\launcher\arena_breakout_infinite_launcher.exe
(PID) Process:	(6972) VersionService.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\arena_breakout_infinite_launcher
Operation:	write	Name:	DisplayVersion
Value: %version%
(PID) Process:	(6836) ArenaBreakoutInfiniteMiniloader.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:	delete value	Name:	MiniDown
Value:
(PID) Process:	(5236) regedit.exe	Key:	HKEY_CLASSES_ROOT\arenabreakoutinfinitelauncher
Operation:	write	Name:	URL Protocol
Value:
(PID) Process:	(3152) service.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Epic Games\Unreal Engine\Identifiers
Operation:	write	Name:	MachineId
Value: 55C6BF2D45FE5348B361AD81E9924759
(PID) Process:	(4952) tbs_browser.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation:	delete value	Name:	2A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB
Value:

Add for printing

Executable files

123

Suspicious files

142

Text files

377

Unknown types

Dropped files

PID	Process	Filename		Type
6576	ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\install_script.dat		binary
		MD5:371B8AA322670F3DB28995DAE3D58D7E	SHA256:D7130E4C76E1EFFFB6D60F083E5A241BD9CA454B1227E92A876FAA65B50C05E4
6576	ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\Minidown.xml		binary
		MD5:02453A098EFE8F973162B9E9784285DF	SHA256:4F4DB2CFB491BB621510B167E51EBD3CB2E8CD104FF6DE3BA107DA4E82536E5D
6972	VersionService.exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\tiny_dl\Data\tiny_cache\manifest\7000020\75_3702922792539476342_0.manifest		binary
		MD5:FEBDE8FDB01DF8F5515A65610BBC7A6F	SHA256:A05C2C74B4576289CE31E8B54DC23EE8EED9DB328C5CCC671EFAD29E60CFA4C1
6576	ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\bugreport.ini		text
		MD5:27EC1E105337C0AD4BDDB8F2A9551F6C	SHA256:ED60CA6895464814F9E5BC132F41645630CC785FAE9FC7DA6362B5690B3A97CD
6576	ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\LogConfig.ini		text
		MD5:1E8CF5946A37D9A084BE613554260815	SHA256:E8A59173F505DBEDF4DD37EEC210E5E539A243E46F521A8BA8D2EC13FD99D29F
6576	ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\tiny_dl\VersionService.exe		executable
		MD5:1697C0182217A102EF017A2B9F42CCC9	SHA256:B2CC60FC4DC6B8E1CAB12682DB1268E3FC97AE0460A4477099A26A756482A603
6576	ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\res.zip		compressed
		MD5:7A48AA18DF6F224EE1AAF571704C379F	SHA256:AE6BE48320A3A951C0235657FB9EF04A80FDD49ABA926818ABA497B261218AE4
6576	ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\error_code.json		binary
		MD5:3E69D25E4DE00840B4EF97F890D1687F	SHA256:BA2D92CC27B62969FC7E016BFE5535B03A45C9F32C78EFB2E1018D590AE6BC60
6836	ArenaBreakoutInfiniteMiniloader.exe	C:\Users\admin\AppData\Local\ArenaBreakoutInfiniteMiniloader\LocalEncry.xml		binary
		MD5:B4DB471571B43646FC74E997938F257B	SHA256:2A6D50B6BC3519A8D384FCEFFF6A057361DB4F6FF8A58975F49E8548A564950C
6972	VersionService.exe	C:\Arena Breakout Infinite\launcher\.tiny_cache\Game_7000020.local-journal		binary
		MD5:09DAB254A33B129670C0EC618CE2A4B2	SHA256:925F1AB5759E6F89B1E83057D9B2631583239E8CDB166E05F4C3872B9BE7858D

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
—	—	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
1176	svchost.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
4712	MoUsoCoreWorker.exe	GET	200	23.48.23.156:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
4712	MoUsoCoreWorker.exe	GET	200	2.16.253.202:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
6244	SIHClient.exe	GET	200	2.16.253.202:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
6244	SIHClient.exe	GET	200	2.16.253.202:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
6416	backgroundTaskHost.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
4712	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
5064	SearchApp.exe	2.16.204.151:443	www.bing.com	Akamai International B.V.	DE	whitelisted
5448	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	2.17.190.73:80	ocsp.digicert.com	AKAMAI-AS	DE	whitelisted
244	RUXIMICS.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1176	svchost.exe	20.190.160.3:443	login.live.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1176	svchost.exe	2.17.190.73:80	ocsp.digicert.com	AKAMAI-AS	DE	whitelisted
1076	svchost.exe	23.35.238.131:443	go.microsoft.com	AKAMAI-AS	DE	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.250.186.46	whitelisted
www.bing.com	2.16.204.151 2.16.204.145 2.16.204.153 2.16.204.149 2.16.204.138 2.16.204.147 2.16.204.155 2.16.204.148 2.16.204.141	whitelisted
ocsp.digicert.com	2.17.190.73	whitelisted
login.live.com	20.190.160.3 40.126.32.140 20.190.160.14 20.190.160.66 20.190.160.128 40.126.32.136 40.126.32.133 20.190.160.17	whitelisted
go.microsoft.com	23.35.238.131	whitelisted
sg.jupiterlauncher.com	43.134.152.122	unknown
na.fleetlogd.com	54.177.223.26 54.183.81.33	unknown
settings-win.data.microsoft.com	20.73.194.208 51.124.78.146 51.104.136.2	whitelisted
crl.microsoft.com	23.48.23.156 23.48.23.143	whitelisted
www.microsoft.com	2.16.253.202	whitelisted

Threats

No threats detected

Add for printing

Process	Message
ArenaBreakoutInfiniteMiniloader.exe	{"result":{"error_code":0,"error_message":"COMM_SUCC"}}
ArenaBreakoutInfiniteMiniloader.exe	{"result":{"error_code":0,"error_message":"COMM_SUCC"}}
ArenaBreakoutInfiniteMiniloader.exe	{"result":{"error_code":0,"error_message":"COMM_SUCC"}}
arena_breakout_infinite_launcher.exe	[2025-02-25 13:55:53 438] \| Info \| [GCloudCore] \|7124\| IniFileImp.cpp:81\|ABase::CIniFileImpl::CIniFileImpl\| load config file cost 0 us
arena_breakout_infinite_launcher.exe
arena_breakout_infinite_launcher.exe	[2025-02-25 13:55:53 438] \| Info \| [GCloudCore] \|7124\| EncryptedIniFileImp.cpp:128\|ABase::EncryptedIniFileImpl::Load\| config file C:\Arena Breakout Infinite\launcher/Cache\RemoteConfig.config is not exist
arena_breakout_infinite_launcher.exe
arena_breakout_infinite_launcher.exe	[2025-02-25 13:55:53 438] \| Info \| [GCloudCore] \|7124\| Logger.mm:634\|ABase::Logger::Init\| log init module GCloudCore, logMode 0, sync:1, use mmap:1, mmap cost 0 us
arena_breakout_infinite_launcher.exe
arena_breakout_infinite_launcher.exe	[2025-02-25 13:55:53 438] \| Info \| [GCloudCore] \|7124\| Logger.mm:129\|LogCreateThread\| CreateThread RemoveOldLogFilesThread:00000348

General Info

ArenaBreakoutInfiniteMiniloader0.0.6.235(sg).exe

49ECE4FBF7871DD71A110F63D50B610F

E231B2B71013F2162E6A00B2FC8124620C4599E5

5FC980F6FF110DAE9465213F196C91360EFE7C4EECA7431EE984E4D8F1A9CA70

98304:SJQjo0l7n2ygmR46higoL5gplnzceVbXn5vPStdFu1fPW0kR8WuTaMn/sUaTSDFF:OFogtLCPepDgXC+TMu

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Executable content was dropped or overwritten

Process drops legitimate windows executable

The process creates files with name similar to system file names

The process drops C-runtime libraries

There is functionality for taking screenshot (YARA)

Uses REG/REGEDIT.EXE to modify registry

Reads security settings of Internet Explorer

Application launched itself

Creates a software uninstall entry

INFO

Create files in a temporary directory

The sample compiled with chinese language support

Creates files or folders in the user directory

Checks supported languages

Reads the computer name

Reads the machine GUID from the registry

The sample compiled with english language support

Creates files in the program directory

Process checks computer location settings

Checks proxy server information

Reads CPU info

Reads the software policy settings

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings