File name:

AFKJourney_setup_1.4.0.0_21.exe

Full analysis: https://app.any.run/tasks/745dafba-ab90-43d3-bbca-f516bf61a948
Verdict: Malicious activity
Analysis date: November 19, 2024, 05:09:36
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

34F7328C60E00D3E43BEB8F2B69D8202

SHA1:

F3F85EAFE6EC005B9693071A06D6AFAA84D47CB3

SHA256:

F6935A53D539BB918F6B6D4425C1B54EFB7CCD5DF9E4F84E2F93669214508AE3

SSDEEP:

196608:otVHdrnGKn9HHSVT3EoM6oe9V6d+rYgOee2:otVtnbIVT3BM6oe9V6TeJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is, for the reader's own assessment. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • AFK Journey.exe (PID: 2420)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • Reads security settings of Internet Explorer

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFK Journey.exe (PID: 2420)
      • AFKJourneyLauncher.exe (PID: 6424)
    • Executable content was dropped or overwritten

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
    • Creates a software uninstall entry

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • The process checks if it is being run in the virtual environment

      • AFK Journey.exe (PID: 2420)
    • Uses NSLOOKUP.EXE to check DNS info

      • AFK Journey.exe (PID: 2420)
    • Uses WMIC.EXE to obtain CPU information

      • AFK Journey.exe (PID: 2420)
    • Checks Windows Trust Settings

      • AFK Journey.exe (PID: 2420)
    • Adds/modifies Windows certificates

      • AFK Journey.exe (PID: 2420)
    • The process drops C-runtime libraries

      • AFKJourneyLauncher.exe (PID: 6424)
    • Uses WMIC.EXE to obtain Windows Installer data

      • AFK Journey.exe (PID: 2420)
    • Uses WMIC.EXE to obtain BIOS management information

      • AFK Journey.exe (PID: 2420)
    • Searches for installed software

      • AFK Journey.exe (PID: 2420)
    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 3024)
    • Uses WMIC.EXE to obtain information about the network interface controller

      • AFK Journey.exe (PID: 2420)
    • Drops 7-zip archiver for unpacking

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • Reads the date of Windows installation

      • AFK Journey.exe (PID: 2420)
    • The process creates files with name similar to system file names

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • Detected use of alternative data streams (AltDS)

      • AFKJourneyLauncher.exe (PID: 6424)
    • Application launched itself

      • limpcbrowserex.exe (PID: 4340)
      • limpcbrowserex.exe (PID: 6728)
    • Process drops legitimate windows executable

      • AFKJourneyLauncher.exe (PID: 6424)
    • Reads the BIOS version

      • AFK Journey.exe (PID: 2420)
  • INFO

    • Reads the computer name

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
      • limpcbrowserex.exe (PID: 4340)
    • Creates files in the program directory

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
      • limpcbrowserex.exe (PID: 4340)
    • Reads the machine GUID from the registry

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFK Journey.exe (PID: 2420)
    • The process uses the downloaded file

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
    • Create files in a temporary directory

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFK Journey.exe (PID: 2420)
    • Checks supported languages

      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • limpcbrowserex.exe (PID: 4340)
      • UnityCrashHandler64.exe (PID: 4436)
    • Process checks computer location settings

      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6548)
      • WMIC.exe (PID: 1792)
      • WMIC.exe (PID: 3024)
      • WMIC.exe (PID: 5980)
    • Creates files or folders in the user directory

      • AFK Journey.exe (PID: 2420)
    • Reads the software policy settings

      • AFK Journey.exe (PID: 2420)
      • slui.exe (PID: 7136)
    • Checks proxy server information

      • AFK Journey.exe (PID: 2420)
    • Reads Environment values

      • AFK Journey.exe (PID: 2420)
    • Sends debugging messages

      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:07:25 00:55:51+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 25088
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x33b6
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.4.0.0
ProductVersionNumber: 1.4.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Shanghai Lilith Network Technology Co., Ltd.
FileDescription: AFK Journey
FileVersion: 1.4.0.0
LegalCopyright: Copyright (C) 2024
ProductName: AFK Journey
ProductVersion: 1.4.0.0.0
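The EXIF and TRiD fields above are read straight from the PE headers, and together they tell a consistent story: LinkerVersion 6, a July 2016 timestamp, about 25 KB of code and five sections, sitting next to a 2024 copyright string and a 1.4.0.0 product version, is what an NSIS installer stub looks like (the timestamp is that of the stub build, not of the packaged game; NSIS 3.0 was released in July 2016). The same stub accounts for the System.dll and NsLauncher.dll drops under %TEMP%\nsxC1E3.tmp later in this report: NSIS extracts its plugin DLLs into an ns*.tmp directory before calling them. The Python below is an added example, not part of the ANY.RUN report or of Lilith's software; it parses those header fields from a PE image so they can be checked independently of exiftool, and looks for the "NullsoftInst" marker that the `file` utility keys on. The image it builds is a constructed header carrying the values reported for this sample; its section names follow the usual NSIS stub layout and are assumed rather than read from the real file.

```python
"""Parse the PE header fields that exiftool/TRiD report, plus an NSIS marker check."""
import struct
from datetime import datetime, timezone

IMAGE_FILE_CHARACTERISTICS = [
    (0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
    (0x0008, "No symbols"), (0x0020, "Large address aware"), (0x0100, "32-bit"), (0x2000, "DLL"),
]
MACHINES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows command line"}


def parse_pe(data: bytes) -> dict:
    """Return exiftool-style header fields from a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic, lmaj, lmin, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    os_major, _, img_major, _, sub_major, _ = struct.unpack_from("<HHHHHH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset for PE32 and PE32+
    sections = []
    for i in range(nsections):                            # section table follows the optional header
        (name,) = struct.unpack_from("8s", data, opt + opt_size + 40 * i)
        sections.append(name.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "MachineType": MACHINES.get(machine, hex(machine)),
        "NumberOfSections": nsections,
        "TimeStamp": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "ImageFileCharacteristics": ", ".join(n for bit, n in IMAGE_FILE_CHARACTERISTICS if chars & bit),
        "PEType": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "LinkerVersion": f"{lmaj}.{lmin}" if lmin else str(lmaj),
        "CodeSize": code, "InitializedDataSize": idata, "UninitializedDataSize": udata,
        "EntryPoint": hex(entry),
        "OSVersion": os_major, "ImageVersion": img_major, "SubsystemVersion": sub_major,
        "Subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "Sections": sections,
        # The NSIS first header carries the literal "NullsoftInst"; this is what `file` matches on.
        "NullsoftInstaller": b"NullsoftInst" in data,
    }


def build_sample_image() -> bytes:
    """Constructed minimal PE32 header with the values reported for
    AFKJourney_setup_1.4.0.0_21.exe. This is NOT the real file; the section
    names are the usual NSIS stub layout (assumed) and the NSIS marker is appended."""
    img = bytearray(0x300)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    ts = int(datetime(2016, 7, 25, 0, 55, 51, tzinfo=timezone.utc).timestamp())
    # Machine i386, 5 sections, timestamp, no symbols, optional header 0xE0, characteristics 0x010F
    struct.pack_into("<HHIIIHH", img, 0x84, 0x014C, 5, ts, 0, 0, 0xE0, 0x010F)
    opt = 0x98
    struct.pack_into("<HBBIIII", img, opt, 0x10B, 6, 0, 25088, 141824, 2048, 0x33B6)
    struct.pack_into("<HHHHHH", img, opt + 40, 4, 0, 6, 0, 4, 0)   # OS 4, image 6, subsystem 4
    struct.pack_into("<H", img, opt + 68, 2)                         # Windows GUI
    for i, name in enumerate([b".text", b".rdata", b".data", b".ndata", b".rsrc"]):
        struct.pack_into("8s", img, opt + 0xE0 + 40 * i, name)
    img += b"\xef\xbe\xad\xdeNullsoftInst"
    return bytes(img)


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_image()).items():
        print(f"{key}: {value}")
```

To check a real sample, call `parse_pe(open(path, "rb").read())` and compare the output with the EXIF block above; a mismatch between the reported hashes and the header values you observe means you are not looking at the same file.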
No data.
All screenshots are available in the full report
Total processes
167
Monitored processes
32
Malicious processes
4
Suspicious processes
1

Behavior graph

Processes in the behavior graph, in order ("no specs" is carried over from the graph):

afkjourney_setup_1.4.0.0_21.exe
afkjourneylauncher.exe
sppextcomobj.exe no specs
slui.exe
slui.exe no specs
afk journey.exe
unitycrashhandler64.exe no specs
nslookup.exe
conhost.exe no specs
wmic.exe no specs
conhost.exe no specs
wmic.exe no specs
conhost.exe no specs
wmic.exe no specs
conhost.exe no specs
wmic.exe no specs
conhost.exe no specs
limpcbrowserex.exe no specs (×14)
afkjourney_setup_1.4.0.0_21.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
540
CMD:
"C:\Users\admin\Downloads\AFKJourney_setup_1.4.0.0_21.exe"
Path:
C:\Users\admin\Downloads\AFKJourney_setup_1.4.0.0_21.exe
Parent process:
explorer.exe
User:
admin
Company:
Shanghai Lilith Network Technology Co., Ltd.
Integrity Level:
HIGH
Description:
AFK Journey
Exit code:
0
Version:
1.4.0.0
Modules
Images
c:\users\admin\downloads\afkjourney_setup_1.4.0.0_21.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID:
784
CMD:
"C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe" --type=gpu-process --no-sandbox --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/1.0.0.0 browser/1.0.0.0" --lang=en --user-data-dir="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache" --windows-job-name=PCSDK-JOB-{7E89BEA3-3007-4DC5-BCD6-B9DC0FA1897B}-6728 --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache\console.log" --mojo-platform-channel-handle=1620 --field-trial-handle=1712,i,13975124076229007875,15714244379091495424,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
Path:
C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe
Parent process:
limpcbrowserex.exe
User:
admin
Integrity Level:
HIGH
Description:
Chromium Embedded Framework (CEF) Client Application
Version:
104.4.25+gd80d467+chromium-104.0.5112.102
PID:
848
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1792
CMD:
wmic bios get serialnumber
Path:
C:\Windows\System32\wbem\WMIC.exe
Parent process:
AFK Journey.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID:
2272
CMD:
"C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/1.0.0.0 browser/1.0.0.0" --lang=en --user-data-dir="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache" --windows-job-name=PCSDK-JOB-{7E89BEA3-3007-4DC5-BCD6-B9DC0FA1897B}-4340 --log-file="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache\console.log" --mojo-platform-channel-handle=1644 --field-trial-handle=1692,i,2969663830885941514,14373768360442166537,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Path:
C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe
Parent process:
limpcbrowserex.exe
User:
admin
Integrity Level:
HIGH
Description:
Chromium Embedded Framework (CEF) Client Application
Exit code:
0
Version:
104.4.25+gd80d467+chromium-104.0.5112.102
PID:
2420
CMD:
"C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey.exe" --env_id=prod8bef2ba4a37b2d80540cd3f97000 --version=1.2.22.1910 --env=prod
Path:
C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey.exe
Parent process:
AFKJourneyLauncher.exe
User:
admin
Integrity Level:
HIGH
Version:
2021.3.37.0
Modules
Images
c:\program files (x86)\afk journey\afkjourney game\game\afk journey.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
2444
CMD:
"C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/1.0.0.0 browser/1.0.0.0" --lang=en --user-data-dir="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache" --windows-job-name=PCSDK-JOB-{7E89BEA3-3007-4DC5-BCD6-B9DC0FA1897B}-6728 --log-file="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache\console.log" --mojo-platform-channel-handle=2356 --field-trial-handle=1712,i,13975124076229007875,15714244379091495424,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Path:
C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe
Parent process:
limpcbrowserex.exe
User:
admin
Integrity Level:
HIGH
Description:
Chromium Embedded Framework (CEF) Client Application
Version:
104.4.25+gd80d467+chromium-104.0.5112.102
PID:
3004
CMD:
C:\WINDOWS\System32\slui.exe -Embedding
Path:
C:\Windows\System32\slui.exe
Parent process:
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
3024
CMD:
wmic csproduct get UUID
Path:
C:\Windows\System32\wbem\WMIC.exe
Parent process:
AFK Journey.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID:
3600
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
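The process table shows the pattern behind the "stealing of personal data" verdict: AFK Journey.exe (PID 2420) spawns WMIC.exe four times, two of them with visible command lines (wmic bios get serialnumber, wmic csproduct get UUID), and NSLOOKUP.EXE once. A BIOS serial plus a csproduct UUID plus CPU and NIC data is a hardware identity, and the sandbox cannot tell why it is being collected (anti-cheat and licensing agents do exactly this; so do infostealers); it can only report the shape. The Python below is an added detection example written for this page, not ANY.RUN's own signature logic, that looks for that shape in process-creation telemetry (for example Sysmon event 1 or Security event 4688 exported as records): one parent spawning WMIC queries against two or more machine-identifying classes within a short window, with any nslookup child from the same parent recorded as supporting evidence. The event records are constructed after the report's process table; the command lines for PIDs 6548 and 5980, the nslookup target, and the cmd.exe control case are assumed.

```python
"""Flag hardware-fingerprinting chains in process-creation telemetry: one parent
spawning WMIC queries against several machine-identifying classes in a short window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# WMIC aliases and the WMI classes behind them, grouped by what they identify.
FINGERPRINT_CLASSES = {
    "bios": "bios", "win32_bios": "bios",
    "csproduct": "csproduct", "win32_computersystemproduct": "csproduct",
    "baseboard": "baseboard", "win32_baseboard": "baseboard",
    "cpu": "cpu", "win32_processor": "cpu",
    "diskdrive": "disk", "win32_diskdrive": "disk",
    "nic": "nic", "win32_networkadapter": "nic",
    "nicconfig": "nic", "win32_networkadapterconfiguration": "nic",
    "product": "installed_software", "win32_product": "installed_software",
}
# Matches "wmic bios get ...", "wmic path Win32_BIOS get ...", quoted full paths and /node: switches.
WMIC_RE = re.compile(r'(?:^|\\|")wmic(?:\.exe)?"?\s+(?:/\S+\s+)*(?:path\s+)?(\S+)\s+get\b', re.IGNORECASE)
WINDOW = timedelta(seconds=120)   # how close the queries must be to count as one chain
MIN_CLASSES = 2                   # distinct identity classes needed before alerting


def wmic_class(cmdline: str):
    """Return the fingerprint class a WMIC command line queries, or None for anything else."""
    m = WMIC_RE.search(cmdline)
    return FINGERPRINT_CLASSES.get(m.group(1).lower()) if m else None


def find_fingerprinting(events):
    """events: process-creation records with ts (ISO 8601), pid, ppid, parent_image,
    image, cmdline. Returns one alert per parent that meets the threshold."""
    by_parent = defaultdict(list)
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        key = (ev["ppid"], ev["parent_image"])
        ts = datetime.fromisoformat(ev["ts"])
        if image == "wmic.exe":
            cls = wmic_class(ev["cmdline"])
            if cls:
                by_parent[key].append((ts, cls, ev["cmdline"]))
        elif image == "nslookup.exe":            # DNS probe: supporting evidence, not counted
            by_parent[key].append((ts, "nslookup", ev["cmdline"]))
    alerts = []
    for (ppid, parent), hits in by_parent.items():
        hits.sort()
        for start, _, _ in hits:                 # slide the window from each hit
            window = [h for h in hits if start <= h[0] <= start + WINDOW]
            classes = {c for _, c, _ in window if c != "nslookup"}
            if len(classes) >= MIN_CLASSES:
                alerts.append({"ppid": ppid, "parent": parent, "classes": sorted(classes),
                               "dns_probe": any(c == "nslookup" for _, c, _ in window),
                               "commands": [cmd for _, _, cmd in window]})
                break
    return alerts


def _ev(ts, pid, ppid, parent_image, image, cmdline):
    return {"ts": ts, "pid": pid, "ppid": ppid, "parent_image": parent_image,
            "image": image, "cmdline": cmdline}


WMIC = r"C:\Windows\System32\wbem\WMIC.exe"
# Constructed after the report's process table. PIDs 1792 and 3024 and their command
# lines are from the report; the cpu/nic lines for 6548 and 5980, the nslookup target
# and the cmd.exe control case are assumed.
SAMPLE_EVENTS = [
    _ev("2024-11-19T05:10:39", 7000, 2420, "AFK Journey.exe", r"C:\Windows\System32\nslookup.exe", "nslookup google.com"),
    _ev("2024-11-19T05:10:40", 1792, 2420, "AFK Journey.exe", WMIC, "wmic bios get serialnumber"),
    _ev("2024-11-19T05:10:41", 3024, 2420, "AFK Journey.exe", WMIC, "wmic csproduct get UUID"),
    _ev("2024-11-19T05:10:42", 6548, 2420, "AFK Journey.exe", WMIC, "wmic cpu get processorid"),
    _ev("2024-11-19T05:10:43", 5980, 2420, "AFK Journey.exe", WMIC, "wmic nic get macaddress"),
    _ev("2024-11-19T05:12:00", 7100, 4100, "cmd.exe", WMIC, "wmic os get caption"),   # benign inventory query
]

if __name__ == "__main__":
    for alert in find_fingerprinting(SAMPLE_EVENTS):
        print(alert)
```

The rule keys on distinct classes rather than on WMIC counts, so an administrator's single `wmic os get caption` does not fire, while the four-class burst from PID 2420 does. Whether a hit is a game's anti-cheat or a stealer still has to be settled by the parent's signature and where the collected values are sent.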
Total events
11 439
Read events
11 349
Write events
84
Delete events
6

Modification events

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\lilith\10013832
Operation: write
Name: InstallGuid
Value: v295e617f1-a6e1-4c6c-b02e-038eb9fed653

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: LinkName
Value: AFK Journey

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: DisplayName
Value: AFK Journey

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\AFK Journey\AFKJourneyLauncher.exe

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: Publisher
Value: Shanghai Lilith Network Technology Co., Ltd.

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: InstallTimestamp
Value: 1731992996

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\AFK Journey\AFKJourneyUninst.exe"

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\AFK Journey

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: LauncherName
Value: AFKJourneyLauncher.exe

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: DisplayVersion
Value: 1.4.0.0
Executable files
51
Suspicious files
394
Text files
189
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\launcher.7z
Type:
MD5:
SHA256:

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxC1E3.tmp\NsLauncher.dll
Type: executable
MD5: 44CFC6E4D619A5F0BE9347C31A0A3EF6
SHA256: 5232C9F98F0300CC7859639DDB4278306D326101FD33734F3FCB629BA36BADDF

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\btn_bottom.png
Type: image
MD5: 68F84F8F2179DF7629B9446114E84C69
SHA256: 9E1B5F331A08FA80480C6213A898B572977F73B25B44E3D4C9022A288E65528D

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\btn_mini_hover.png
Type: image
MD5: 144A9DADDB8B6DFB87BD9653D0E1263C
SHA256: C8D92AE6159E48D5BC174D375104D6C88B97B3BA1622BD6298EDF5C2C2148B6A

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\btn_option_close.png
Type: image
MD5: A113EA231DC9BEBEDF86F1C19AC59EC9
SHA256: 195F71B5F622B61C975BFBAA2679C6461132930832DCA5065C2B27B5D6F2495D

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsxC1E3.tmp\System.dll
Type: executable
MD5: A4DD044BCD94E9B3370CCF095B31F896
SHA256: 2E226715419A5882E2E14278940EE8EF0AA648A3EF7AF5B3DC252674111962BC

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\btn_option_close_hover.png
Type: image
MD5: F57D28EF908B56424A77B5494E5933D9
SHA256: 2C929B09BAAF1E7239FCCB97446AF8C27E13483D92CE9C6B9DE529BFBA91DBCC

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\GameBabyConfig.dat
Type: text
MD5: 5DEE4E36EBBFB8E905D059CF6032F1FD
SHA256: B4F303417FE6F47929E04DCB5AEEB864CF2C6E13C68C381FD5E954C0CF1AF75C

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\data\ver.dat
Type: binary
MD5: 7B177F6E714B11F3D92DDF757BEBD4D1
SHA256: 68749E3667A017A9C3BAF954845A67B3D358AAA812E3835323F5210EB1A2C91B

PID: 540
Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\cer\cacert.pem
Type: text
MD5: B9FF41F0F273DF77E47E84544B069189
SHA256: 3321130D11B1AB339D1277CBB4ACC5F58D17155060C8CDBEEF3DC8D0A69D1235
HTTP(S) requests
12
TCP/UDP connections
158
DNS requests
50
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
624
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6944
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6728
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
2420
AFK Journey.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
2420
AFK Journey.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
6944
svchost.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6460
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6460
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2420
AFK Journey.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl%20
unknown
whitelisted
2420
AFK Journey.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHgDGEJFcIpBz28BuO60qVQ%3D
unknown
whitelisted
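Every URL in the HTTP table is certificate plumbing: OCSP GET requests (the last path segment is the base64-encoded DER OCSPRequest of RFC 6960) and CRL downloads, the traffic Windows CryptoAPI produces while validating certificate chains, which is why they are all whitelisted. Decoding them tells you which certificate was being checked and is the quickest way to separate this background from anything the sample itself chose to fetch. The Python below is an added example, not part of the ANY.RUN report; it extracts the CertID from an OCSP GET URL with a minimal DER walker and labels the table's URLs. For the first ocsp.digicert.com request it yields issuer key hash 03de503556d14cbb66f0a3e21b1bc397b23dd155, the subject key identifier of DigiCert Global Root CA, so svchost.exe was checking a certificate issued directly under that root. One caveat the table cannot show: the bundled CEF processes (limpcbrowserex.exe) run with --ignore-certificate-errors=1 and --no-sandbox, so the revocation checking visible here belongs to the OS's own chain validation, not to whatever TLS connections that embedded browser makes.

```python
"""Decode OCSP GET request URLs (RFC 6960 appendix A) and label sandbox HTTP URLs."""
import base64
from urllib.parse import unquote, urlsplit

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(value: bytes):
    """Split a constructed DER value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out


def _oid(value: bytes) -> str:
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url: str):
    """Return the CertID fields of an OCSP GET request URL, or None if it is not one.
    OCSPRequest ::= SEQUENCE { tbsRequest SEQUENCE { ... requestList SEQUENCE OF
    Request SEQUENCE { reqCert CertID SEQUENCE { hashAlgorithm, issuerNameHash,
    issuerKeyHash, serialNumber } } } }"""
    # Split on "/" before unquoting: the base64 itself may contain %2F-encoded slashes.
    seg = unquote(urlsplit(url).path.rsplit("/", 1)[-1])
    try:
        der = base64.b64decode(seg + "=" * (-len(seg) % 4), validate=True)
        tag, req, _ = _tlv(der, 0)
        if tag != 0x30:
            return None
        tbs = next(v for t, v in _children(req) if t == 0x30)
        request_list = next(v for t, v in _children(tbs) if t == 0x30)   # skips [0] version / [1] requestorName
        first_request = _children(request_list)[0][1]
        cert_id = _children(first_request)[0][1]
        alg, name_hash, key_hash, serial = [v for _, v in _children(cert_id)][:4]
    except (ValueError, IndexError, StopIteration):
        return None
    return {
        "hash_alg": HASH_OIDS.get(_oid(_children(alg)[0][1]), "unknown"),
        "issuer_name_hash": name_hash.hex(),
        "issuer_key_hash": key_hash.hex(),
        "serial": serial.lstrip(b"\x00").hex(),
    }


def classify_http(url: str) -> str:
    """Label a sandbox HTTP URL as 'crl', 'ocsp' or 'other'."""
    path = unquote(urlsplit(url).path).strip()   # one CRL URL in the report carries a stray trailing %20
    if path.lower().endswith(".crl"):
        return "crl"
    if decode_ocsp_get(url) is not None:
        return "ocsp"
    return "other"


# URLs copied from the HTTP requests table above.
REPORT_URLS = [
    "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D",
    "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl",
    "http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D",
    "http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl%20",
]


def triage(urls):
    """Map each URL to its label so non-PKI traffic stands out."""
    return {u: classify_http(u) for u in urls}


if __name__ == "__main__":
    for u, label in triage(REPORT_URLS).items():
        print(label, u)
        if label == "ocsp":
            print("   ", decode_ocsp_get(u))
```

Anything that comes back as "other" from a sandbox HTTP table is where to start reading; for the run above that set is empty, and the sample's own traffic is in the TLS connections to farlightgames.com and the Alibaba Cloud CDN SNI hits listed under Threats, which HTTP inspection does not cover.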

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4292
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6944
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
540
AFKJourney_setup_1.4.0.0_21.exe
163.181.131.234:443
imv2-gl.farlightgames.com
US
unknown
540
AFKJourney_setup_1.4.0.0_21.exe
23.53.42.50:443
app.farlightgames.com
Akamai International B.V.
DE
unknown
4360
SearchApp.exe
92.123.104.33:443
www.bing.com
Akamai International B.V.
DE
whitelisted
624
svchost.exe
20.190.159.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.18.14
whitelisted
imv2-gl.farlightgames.com
  • 163.181.131.234
unknown
app.farlightgames.com
  • 23.53.42.50
  • 23.53.42.42
unknown
www.bing.com
  • 92.123.104.33
  • 92.123.104.32
  • 92.123.104.60
  • 92.123.104.59
  • 92.123.104.8
  • 92.123.104.28
  • 92.123.104.31
  • 92.123.104.52
  • 92.123.104.19
whitelisted
login.live.com
  • 20.190.159.4
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.64
  • 40.126.31.67
  • 20.190.159.73
  • 40.126.31.69
  • 40.126.31.73
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
th.bing.com
  • 92.123.104.60
  • 92.123.104.32
  • 92.123.104.8
  • 92.123.104.34
  • 92.123.104.59
  • 92.123.104.52
  • 92.123.104.33
  • 92.123.104.38
  • 92.123.104.31
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
tsg-hdp-raw-log.data.cn-singapore-lls01-d01.sls-pub.farlightgames.com
  • 34.36.110.19
unknown
pc.crashsight.wetest.net
  • 101.33.48.102
unknown

Threats

PID
Process
Class
Message
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
Process
Message
AFKJourneyLauncher.exe
<0> [0~-1] (*), Disk: 0, Buffer: 0
AFKJourneyLauncher.exe
[downloader] Start downloading.
AFKJourneyLauncher.exe
[downloader] Target file path: C:\Program Files (x86)\AFK Journey\save\res_config.json.
AFKJourneyLauncher.exe
[downloader debug info]:STATE: INIT => CONNECT handle 0x6cee700; line 1942
AFKJourneyLauncher.exe
[downloader] CURLOPT_RESUME_FROM_LARGE: 0.
AFKJourneyLauncher.exe
[downloader debug info]:This is a debug build of libcurl, do not use in production.
AFKJourneyLauncher.exe
[downloader] URL: https://static-gl.farlightgames.com/p/pcsdk/launcher2/10076/prod8bef2ba4a37b2d80540cd3f97000/0/launcher/res_config.json.
AFKJourneyLauncher.exe
[downloader] Max speed per slice: -1.
AFKJourneyLauncher.exe
[downloader debug info]:Added connection 0. The cache now contains 0 members
AFKJourneyLauncher.exe
[downloader] Disk cache per slice: 1048576.