File name: | e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03 |
Full analysis: | https://app.any.run/tasks/387382dc-0504-4fcd-a3f6-ec1718e907a1 |
Verdict: | Malicious activity |
Analysis date: | January 22, 2019, 13:38:57 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive |
MD5: | 68656A0BBBC4F20680979987FA43B259 |
SHA1: | 15DF59AC6C8FC90A9C0246ECE0DF8F6B8C520D1A |
SHA256: | E0544DD9B3F1F149446BFC3A18A9B46A4091AB87397B03E7D84B4CEEA3484D03 |
SSDEEP: | 24576:stXCT35bEN60Yc/rMegvH6RK1aeGokgwHY:sKBtV6MjvH6RIrDCY |
.exe | | | NSIS - Nullsoft Scriptable Install System (91.9) |
---|---|---|
.exe | | | Win32 Executable MS Visual C++ (generic) (3.3) |
.exe | | | Win64 Executable (generic) (3) |
.dll | | | Win32 Dynamic Link Library (generic) (0.7) |
.exe | | | Win32 Executable (generic) (0.4) |
MachineType: | Intel 386 or later, and compatibles |
---|---|
TimeStamp: | 2012:02:19 16:01:49+01:00 |
PEType: | PE32 |
LinkerVersion: | 2.22 |
CodeSize: | 35328 |
InitializedDataSize: | 20480 |
UninitializedDataSize: | 109568 |
EntryPoint: | 0x4327 |
OSVersion: | 4 |
ImageVersion: | 6 |
SubsystemVersion: | 4 |
Subsystem: | Windows GUI |
FileVersionNumber: | 1.1.1.36 |
ProductVersionNumber: | 1.1.1.36 |
FileFlagsMask: | 0x0000 |
FileFlags: | (none) |
FileOS: | Win32 |
ObjectFileType: | Executable application |
FileSubtype: | - |
LanguageCode: | English (U.S.) |
CharacterSet: | ASCII |
CompanyName: | Dafa Poker |
FileDescription: | Dafa Poker Setup |
FileVersion: | 1.1.1.35 |
LegalCopyright: | Copyright 2015 |
ProductName: | Dafa Poker |
Architecture: | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 19-Feb-2012 15:01:49 |
Detected languages: |
|
Magic number: | MZ |
---|---|
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000080 |
Signature: | PE |
---|---|
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 7 |
Time date stamp: | 19-Feb-2012 15:01:49 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: |
|
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00008844 | 0x00008A00 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.97387 |
.data | 0x0000A000 | 0x0000008C | 0x00000200 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.18031 |
.rdata | 0x0000B000 | 0x00002394 | 0x00002400 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.89911 |
.bss | 0x0000E000 | 0x0001ABD0 | 0x00000000 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.idata | 0x00029000 | 0x00001304 | 0x00001400 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.23715 |
.ndata | 0x0002B000 | 0x0000A000 | 0x00000400 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0 |
.rsrc | 0x00035000 | 0x00004418 | 0x00004600 | IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 5.08884 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 5.22935 | 949 | UNKNOWN | English - United States | RT_MANIFEST |
2 | 5.42203 | 3752 | UNKNOWN | English - United States | RT_ICON |
3 | 5.8385 | 2440 | UNKNOWN | English - United States | RT_ICON |
4 | 5.13155 | 1384 | UNKNOWN | English - United States | RT_ICON |
5 | 0 | 1128 | UNKNOWN | English - United States | RT_ICON |
6 | 0 | 744 | UNKNOWN | English - United States | RT_ICON |
7 | 0 | 296 | UNKNOWN | English - United States | RT_ICON |
103 | 2.6855 | 104 | UNKNOWN | English - United States | RT_GROUP_ICON |
105 | 2.72007 | 574 | UNKNOWN | English - United States | RT_DIALOG |
106 | 2.84976 | 260 | UNKNOWN | English - United States | RT_DIALOG |
ADVAPI32.dll |
COMCTL32.DLL |
GDI32.dll |
KERNEL32.dll |
SHELL32.DLL |
USER32.dll |
VERSION.dll |
ole32.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3116 | "C:\Users\admin\AppData\Local\Temp\e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe" | C:\Users\admin\AppData\Local\Temp\e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | explorer.exe | |
User: admin Company: Dafa Poker Integrity Level: MEDIUM Description: Dafa Poker Setup Exit code: 0 Version: 1.1.1.35 | ||||
2292 | C:\Users\admin\AppData\Local\Temp\nsc6D14.tmp\internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe C:/Users/admin/AppData/Local/Temp/nsc6D14.tmp /baseInstaller='C:/Users/admin/AppData/Local/Temp/e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe' /fallbackfolder='C:/Users/admin/AppData/Local/Temp/nsc6D14.tmp/fallbackfiles/' | C:\Users\admin\AppData\Local\Temp\nsc6D14.tmp\internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | |
User: admin Company: Dafa Poker Integrity Level: MEDIUM Description: Dafa Poker Exit code: 0 Version: 1.1.1.35 | ||||
3500 | "C:\Users\admin\AppData\Local\Dafabet Poker\casino.exe" | C:\Users\admin\AppData\Local\Dafabet Poker\casino.exe | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | |
User: admin Company: Playtech Integrity Level: MEDIUM Description: Playtech Client Engine Application Version: 17.3.1.4 | ||||
2528 | cmd /c ""C:\Users\admin\AppData\Local\Temp\22394.bat" "C:\Users\admin\AppData\Local\Temp\5392F8EB8A5F4F1E907F8446FC1B141A\"" | C:\Windows\system32\cmd.exe | — | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2868 | cmd /c ""C:\Users\admin\AppData\Local\Temp\19399.bat" "C:\Users\admin\AppData\Local\Temp\nsc6D14.tmp\internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe"" | C:\Windows\system32\cmd.exe | — | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3448 | cmd /c ""C:\Users\admin\AppData\Local\Temp\18692.bat" "C:\Users\admin\AppData\Local\Temp\e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe"" | C:\Windows\system32\cmd.exe | — | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3300 | "C:\Users\admin\AppData\Local\Dafabet Poker\data\openGLChecker.exe" | C:\Users\admin\AppData\Local\Dafabet Poker\data\openGLChecker.exe | casino.exe | |
User: admin Company: Playtech Integrity Level: MEDIUM Exit code: 0 Version: 14.6.0.1 | ||||
3708 | "C:\Users\admin\AppData\Local\Dafabet Poker\data\flashChecker.exe" | C:\Users\admin\AppData\Local\Dafabet Poker\data\flashChecker.exe | casino.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3752 | "C:\Users\admin\AppData\Local\Dafabet Poker\data\CrashReporter.exe" | C:\Users\admin\AppData\Local\Dafabet Poker\data\CrashReporter.exe | casino.exe | |
User: admin Company: Dafa Integrity Level: MEDIUM Description: Dafa Poker Version: 18.9.7.4 | ||||
3232 | "C:\Users\admin\AppData\Local\Dafabet Poker\data\PokerClient.exe" | C:\Users\admin\AppData\Local\Dafabet Poker\data\PokerClient.exe | — | CrashReporter.exe |
User: admin Company: Dafa Integrity Level: MEDIUM Description: Dafa Poker Version: 18.9.7.4 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3116 | e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Temp\nsc6D14.tmp\internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | executable | |
MD5:77BFACCA17EE1D89833B57F3A746D9A0 | SHA256:38571B0965110D07C6FBF4813AB628D4017CF52C681C457FB3F184B644FB0B52 | |||
3116 | e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Temp\nsc6D14.tmp\internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03_splash.png | image | |
MD5:0A8589DE904EEC91522C276D896216C4 | SHA256:496D42E72D7C57969F584849A8F7366783AFD39862F7F71B59D78B723225CD55 | |||
3116 | e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Temp\nsc6D14.tmp\internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03_icon.ico | image | |
MD5:592ABE695D3FB84C8A7589B0D2553A97 | SHA256:ED59D25E5DAF4E4C89C09A4C829AC4D12F1B0E258D167760A07BCE6266CEBDA0 | |||
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Temp\5392F8EB8A5F4F1E907F8446FC1B141A\5392F8EB8A5F4F1E907F8446FC1B141A_LogFile.txt | text | |
MD5:E99026FA36498705CE0325E38DC428B5 | SHA256:6F21F937C26DF1509BE22993F81CA0E1D3AEA256F9841EA2953EB587A7E98DAE | |||
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\index[1].7ze | binary | |
MD5:4FE51B01267A11237CD19E561CF79AD5 | SHA256:6C2F0BF85BBFF04832D479F67D85ED088CA51CA030008A506A3469712F61CB19 | |||
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Temp\5392F8EB8A5F4F1E907F8446FC1B141A\index.7ze | binary | |
MD5:4FE51B01267A11237CD19E561CF79AD5 | SHA256:6C2F0BF85BBFF04832D479F67D85ED088CA51CA030008A506A3469712F61CB19 | |||
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019012220190123\index.dat | dat | |
MD5:4389B97C2AB1347E33E2F6A3EB37EFD6 | SHA256:510854ABC9773F3313A5396A315D2BDC14947EE8436FD7900F6F8FFAD9D1C498 | |||
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Temp\5392F8EB8A5F4F1E907F8446FC1B141A\index9743.7ze | compressed | |
MD5:510884D638A28C4927AF63C40C8E2972 | SHA256:D3E04E8E268E6D065900CA354E255E5DBA049E1B8322BFA9ED476358C3466BBE | |||
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Temp\5392F8EB8A5F4F1E907F8446FC1B141A\index.html | html | |
MD5:8898B7C57F66AD8324A80A1651B6CA65 | SHA256:3CF1B67FB82226EED705C9CDCEFECD61A6782D88523FF0ADDFCFAF40B3E2B186 | |||
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\new[1].7ze | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | GET | 200 | 205.185.208.154:80 | http://c6m7w2m9.ssl.hwcdn.net/playtech_compressed_assets/poker_dafa/index.7ze | US | binary | 207 Kb | malicious |
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | GET | 200 | 202.165.61.137:80 | http://banner.dafapunter.com/cgi-bin/download.cgi?lang=en&trackingid=na&sessionid=DLCLGLCLBJCALBAIALDC | PH | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | 202.165.61.137:80 | banner.dafapunter.com | Gamebuilders Inc. | PH | malicious |
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | 205.185.208.154:80 | t8u4n6u7.ssl.hwcdn.net | Highwinds Network Group, Inc. | US | malicious |
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | 205.185.208.154:443 | t8u4n6u7.ssl.hwcdn.net | Highwinds Network Group, Inc. | US | malicious |
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | 174.35.117.106:443 | cachepkr-banner.141p0lcb.com | CDNetworks Inc. | US | unknown |
Domain | IP | Reputation |
---|---|---|
t8u4n6u7.ssl.hwcdn.net | | malicious |
c6m7w2m9.ssl.hwcdn.net | | malicious |
cachepkr-banner.141p0lcb.com | | malicious |
banner.dafapunter.com | | malicious |
PID | Process | Class | Message |
---|---|---|---|
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | Misc activity | SUSPICIOUS [PTsecurity] C: \ filepath observed in HTTP header |
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | Misc activity | ADWARE [PTsecurity] Win32/PlayTech.A |
2292 | internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | Misc activity | ADWARE [PTsecurity] Win32/PlayTech.A |
Process | Message |
---|---|
internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | batchRun file =
C:\Users\admin\AppData\Local\Temp\22394.bat
strBatFileContent=@echo off
IF NOT EXIST %1 GOTO END
SET /a i=0
:REPEAT
IF %i%==10 GOTO END
RMDIR /S /Q %1
IF NOT EXIST %1 GOTO END
ping 127.0.0.1 -n 1 -w 1000 > nul
SET /a i=%i%+1
GOTO REPEAT
:END
DEL %0
strCmdLine=
"C:\Users\admin\AppData\Local\Temp\5392F8EB8A5F4F1E907F8446FC1B141A\" |
internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | batchRun file =
C:\Users\admin\AppData\Local\Temp\19399.bat
strBatFileContent=@echo off
IF NOT EXIST %1 GOTO END
SET /a i=0
:REPEAT
IF %i%==10 GOTO END
DEL %1
IF NOT EXIST %1 GOTO END
ping 127.0.0.1 -n 1 -w 1000 > nul
SET /a i=%i%+1
GOTO REPEAT
:END
DEL %0
strCmdLine=
"C:\Users\admin\AppData\Local\Temp\nsc6D14.tmp\internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe" |
internale0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe | batchRun file =
C:\Users\admin\AppData\Local\Temp\18692.bat
strBatFileContent=@echo off
IF NOT EXIST %1 GOTO END
SET /a i=0
:REPEAT
IF %i%==10 GOTO END
DEL %1
IF NOT EXIST %1 GOTO END
ping 127.0.0.1 -n 1 -w 1000 > nul
SET /a i=%i%+1
GOTO REPEAT
:END
DEL %0
strCmdLine=
"C:\Users\admin\AppData\Local\Temp\e0544dd9b3f1f149446bfc3a18a9b46a4091ab87397b03e7d84b4ceea3484d03.exe" |
casino.exe | *Init: 0 |
casino.exe | *Dict parse: 0 |
casino.exe | *Variables load: 0 |
casino.exe | *Sound load: 0 |
casino.exe | *Bitmap load: 0 |
casino.exe | *Bitmap slice/mosaic/etc: 0 |
casino.exe | *Font load: 0 |