File name:

AFKJourney_setup_1.4.0.0_21.exe

Full analysis: https://app.any.run/tasks/745dafba-ab90-43d3-bbca-f516bf61a948
Verdict: Malicious activity
Analysis date: November 19, 2024, 05:09:36
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

34F7328C60E00D3E43BEB8F2B69D8202

SHA1:

F3F85EAFE6EC005B9693071A06D6AFAA84D47CB3

SHA256:

F6935A53D539BB918F6B6D4425C1B54EFB7CCD5DF9E4F84E2F93669214508AE3

SSDEEP:

196608:otVHdrnGKn9HHSVT3EoM6oe9V6d+rYgOee2:otVtnbIVT3BM6oe9V6TeJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • AFK Journey.exe (PID: 2420)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
    • The process creates files with name similar to system file names

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • Drops 7-zip archiver for unpacking

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • Creates a software uninstall entry

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
    • Reads security settings of Internet Explorer

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
    • Detected use of alternative data streams (AltDS)

      • AFKJourneyLauncher.exe (PID: 6424)
    • Process drops legitimate windows executable

      • AFKJourneyLauncher.exe (PID: 6424)
    • The process drops C-runtime libraries

      • AFKJourneyLauncher.exe (PID: 6424)
    • Reads the BIOS version

      • AFK Journey.exe (PID: 2420)
    • The process checks if it is being run in the virtual environment

      • AFK Journey.exe (PID: 2420)
    • Uses NSLOOKUP.EXE to check DNS info

      • AFK Journey.exe (PID: 2420)
    • Checks Windows Trust Settings

      • AFK Journey.exe (PID: 2420)
    • Uses WMIC.EXE to obtain CPU information

      • AFK Journey.exe (PID: 2420)
    • Adds/modifies Windows certificates

      • AFK Journey.exe (PID: 2420)
    • Uses WMIC.EXE to obtain BIOS management information

      • AFK Journey.exe (PID: 2420)
    • Searches for installed software

      • AFK Journey.exe (PID: 2420)
    • Uses WMIC.EXE to obtain Windows Installer data

      • AFK Journey.exe (PID: 2420)
    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 3024)
    • Uses WMIC.EXE to obtain information about the network interface controller

      • AFK Journey.exe (PID: 2420)
    • Reads the date of Windows installation

      • AFK Journey.exe (PID: 2420)
    • Application launched itself

      • limpcbrowserex.exe (PID: 6728)
      • limpcbrowserex.exe (PID: 4340)
  • INFO

    • Checks supported languages

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
      • UnityCrashHandler64.exe (PID: 4436)
      • limpcbrowserex.exe (PID: 4340)
    • Reads the computer name

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
      • limpcbrowserex.exe (PID: 4340)
    • Creates files in the program directory

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
      • limpcbrowserex.exe (PID: 4340)
    • Reads the machine GUID from the registry

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFK Journey.exe (PID: 2420)
    • Create files in a temporary directory

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFK Journey.exe (PID: 2420)
    • Reads the software policy settings

      • slui.exe (PID: 7136)
      • AFK Journey.exe (PID: 2420)
    • The process uses the downloaded file

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
    • Process checks computer location settings

      • AFKJourney_setup_1.4.0.0_21.exe (PID: 540)
      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
    • Sends debugging messages

      • AFKJourneyLauncher.exe (PID: 6424)
      • AFK Journey.exe (PID: 2420)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 6548)
      • WMIC.exe (PID: 1792)
      • WMIC.exe (PID: 3024)
      • WMIC.exe (PID: 5980)
    • Checks proxy server information

      • AFK Journey.exe (PID: 2420)
    • Creates files or folders in the user directory

      • AFK Journey.exe (PID: 2420)
    • Reads Environment values

      • AFK Journey.exe (PID: 2420)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:07:25 00:55:51+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 25088
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x33b6
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.4.0.0
ProductVersionNumber: 1.4.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Shanghai Lilith Network Technology Co., Ltd.
FileDescription: AFK Journey
FileVersion: 1.4.0.0
LegalCopyright: Copyright (C) 2024
ProductName: AFK Journey
ProductVersion: 1.4.0.0.0
No data.
All screenshots are available in the full report
Total processes
167
Monitored processes
32
Malicious processes
4
Suspicious processes
1

Behavior graph

start
  afkjourney_setup_1.4.0.0_21.exe
  afkjourneylauncher.exe
  sppextcomobj.exe (no specs)
  slui.exe
  slui.exe (no specs)
  afk journey.exe
  unitycrashhandler64.exe (no specs)
  nslookup.exe
  conhost.exe (no specs)
  wmic.exe (no specs)
  conhost.exe (no specs)
  wmic.exe (no specs)
  conhost.exe (no specs)
  wmic.exe (no specs)
  conhost.exe (no specs)
  wmic.exe (no specs)
  conhost.exe (no specs)
  limpcbrowserex.exe (no specs), 14 instances
  afkjourney_setup_1.4.0.0_21.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 540
CMD: "C:\Users\admin\Downloads\AFKJourney_setup_1.4.0.0_21.exe"
Path: C:\Users\admin\Downloads\AFKJourney_setup_1.4.0.0_21.exe
Parent process: explorer.exe
User:
admin
Company:
Shanghai Lilith Network Technology Co., Ltd.
Integrity Level:
HIGH
Description:
AFK Journey
Exit code:
0
Version:
1.4.0.0
Modules
Images
c:\users\admin\downloads\afkjourney_setup_1.4.0.0_21.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 784
CMD: "C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe" --type=gpu-process --no-sandbox --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/1.0.0.0 browser/1.0.0.0" --lang=en --user-data-dir="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache" --windows-job-name=PCSDK-JOB-{7E89BEA3-3007-4DC5-BCD6-B9DC0FA1897B}-6728 --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache\console.log" --mojo-platform-channel-handle=1620 --field-trial-handle=1712,i,13975124076229007875,15714244379091495424,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:2
Path: C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe
Parent process: limpcbrowserex.exe
User:
admin
Integrity Level:
HIGH
Description:
Chromium Embedded Framework (CEF) Client Application
Version:
104.4.25+gd80d467+chromium-104.0.5112.102
PID: 848
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1792
CMD: wmic bios get serialnumber
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: AFK Journey.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID: 2272
CMD: "C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/1.0.0.0 browser/1.0.0.0" --lang=en --user-data-dir="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache" --windows-job-name=PCSDK-JOB-{7E89BEA3-3007-4DC5-BCD6-B9DC0FA1897B}-4340 --log-file="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache\console.log" --mojo-platform-channel-handle=1644 --field-trial-handle=1692,i,2969663830885941514,14373768360442166537,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Path: C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe
Parent process: limpcbrowserex.exe
User:
admin
Integrity Level:
HIGH
Description:
Chromium Embedded Framework (CEF) Client Application
Exit code:
0
Version:
104.4.25+gd80d467+chromium-104.0.5112.102
PID: 2420
CMD: "C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey.exe" --env_id=prod8bef2ba4a37b2d80540cd3f97000 --version=1.2.22.1910 --env=prod
Path: C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey.exe
Parent process: AFKJourneyLauncher.exe
User:
admin
Integrity Level:
HIGH
Version:
2021.3.37.0
Modules
Images
c:\program files (x86)\afk journey\afkjourney game\game\afk journey.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 2444
CMD: "C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --no-sandbox --ignore-certificate-errors=1 --ignore-certificate-errors=1 --log-severity=warning --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 parksdk/1.0.0.0 browser/1.0.0.0" --lang=en --user-data-dir="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache" --windows-job-name=PCSDK-JOB-{7E89BEA3-3007-4DC5-BCD6-B9DC0FA1897B}-6728 --log-file="C:\Users\admin\.limpc\10013832\prod\prod8bef2ba4a37b2d80540cd3f97000\cache\console.log" --mojo-platform-channel-handle=2356 --field-trial-handle=1712,i,13975124076229007875,15714244379091495424,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Path: C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe
Parent process: limpcbrowserex.exe
User:
admin
Integrity Level:
HIGH
Description:
Chromium Embedded Framework (CEF) Client Application
Version:
104.4.25+gd80d467+chromium-104.0.5112.102
PID: 3004
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 3024
CMD: wmic csproduct get UUID
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: AFK Journey.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID: 3600
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: WMIC.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
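The process table above is what a detection engineer would turn into rules: WMIC.exe pulling BIOS serial and product UUID on behalf of a game executable, nslookup.exe started by a GUI application rather than a shell, and a Chromium (CEF) child launched with --no-sandbox, --service-sandbox-type=none and --ignore-certificate-errors. The following is an added example, not code from ANY.RUN or from the game's publisher: it runs that logic over process-creation events constructed from the report's tree. PIDs, image names and the command-line flags are copied from the report; the PID of explorer.exe, the command lines of explorer.exe and AFKJourneyLauncher.exe, the PID and argument of nslookup.exe, and the parent of limpcbrowserex.exe 4340 are not shown on the page and are assumed.

```python
"""Detection logic over process-creation events modelled on the ANY.RUN process tree.

Added example, not ANY.RUN's or the publisher's code. Assumptions are marked inline.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


LIMPC = r"C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey_Data\Plugins\x86_64\LIMPC\limpcbrowserex.exe"

# Constructed events: values from the report except where a comment says "assumed".
EVENTS = [
    ProcEvent(1000, 0, "explorer.exe", "explorer.exe"),                        # PID and cmdline assumed
    ProcEvent(540, 1000, "AFKJourney_setup_1.4.0.0_21.exe",
              r'"C:\Users\admin\Downloads\AFKJourney_setup_1.4.0.0_21.exe"'),
    ProcEvent(6424, 540, "AFKJourneyLauncher.exe",
              r'"C:\Program Files (x86)\AFK Journey\AFKJourneyLauncher.exe"'),  # cmdline assumed
    ProcEvent(2420, 6424, "AFK Journey.exe",
              r'"C:\Program Files (x86)\AFK Journey\AFKJourney Game\game\AFK Journey.exe" '
              r"--env_id=prod8bef2ba4a37b2d80540cd3f97000 --version=1.2.22.1910 --env=prod"),
    ProcEvent(1792, 2420, "WMIC.exe", "wmic bios get serialnumber"),
    ProcEvent(3024, 2420, "WMIC.exe", "wmic csproduct get UUID"),
    ProcEvent(7000, 2420, "nslookup.exe", "nslookup example.invalid"),         # PID and argument assumed
    ProcEvent(4340, 2420, "limpcbrowserex.exe", ""),                           # parent assumed, cmdline not on page
    ProcEvent(2272, 4340, "limpcbrowserex.exe",
              f'"{LIMPC}" --type=utility --utility-sub-type=network.mojom.NetworkService '
              "--service-sandbox-type=none --no-sandbox --ignore-certificate-errors=1"),
]

# WMI classes that yield stable hardware identifiers (machine fingerprinting / VM detection).
WMI_HW_RE = re.compile(
    r"\bwmic\b.*?\b(bios|csproduct|baseboard|cpu|nicconfig|nic|diskdrive|os|product)\b.*?\bget\b",
    re.IGNORECASE,
)
# Chromium/CEF switches that turn off process sandboxing or TLS certificate validation.
CEF_WEAK_FLAGS = ("--no-sandbox", "--service-sandbox-type=none", "--ignore-certificate-errors")
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def analyze(events):
    """Return (rule, pid, detail) findings; hw_fingerprinting fires only when one parent
    pulls two or more distinct hardware classes, which keeps single inventory queries quiet."""
    by_pid = {e.pid: e for e in events}
    findings = []
    hw_classes = defaultdict(set)  # parent pid -> WMI classes queried by its WMIC children

    for e in events:
        parent = by_pid.get(e.ppid)
        parent_image = parent.image if parent else "<unknown>"
        image = e.image.lower()

        if image == "wmic.exe":
            m = WMI_HW_RE.search(e.cmdline)
            if m:
                hw_classes[e.ppid].add(m.group(1).lower())
                findings.append(("wmi_hw_query", e.pid, f"{parent_image} ran {e.cmdline!r}"))

        if image == "nslookup.exe" and parent_image.lower() not in SHELLS:
            findings.append(("dns_lookup_from_app", e.pid, f"nslookup spawned by {parent_image}"))

        weak = [f for f in CEF_WEAK_FLAGS if f in e.cmdline]
        if weak:
            findings.append(("browser_hardening_disabled", e.pid, f"{e.image}: {' '.join(weak)}"))

    for ppid, classes in hw_classes.items():
        if len(classes) >= 2:
            findings.append(("hw_fingerprinting", ppid,
                             f"{by_pid[ppid].image} collected {sorted(classes)}"))
    return findings


def ancestry(events, pid):
    """Image names from pid up to the topmost known ancestor, for attributing a finding."""
    by_pid = {e.pid: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid].image)
        pid = by_pid[pid].ppid
    return chain


if __name__ == "__main__":
    for rule, pid, detail in analyze(EVENTS):
        print(f"{rule:28} pid={pid:<5} {detail}  <- {' > '.join(ancestry(EVENTS, pid))}")
```

The WMI rule on its own is noisy on managed fleets (inventory agents and admin scripts issue the same queries), so the escalation to hw_fingerprinting is keyed on the parent rather than on individual WMIC invocations; in real telemetry the parent image should also be matched against an allowlist of known inventory tools. The CEF rule is a configuration finding rather than a malware indicator: the report shows the game's embedded browser running its network service with TLS validation and the sandbox disabled.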
Total events
11 439
Read events
11 349
Write events
84
Delete events
6

Modification events

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\lilith\10013832
Operation: write
Name: InstallGuid
Value: v295e617f1-a6e1-4c6c-b02e-038eb9fed653

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: LinkName
Value: AFK Journey

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: DisplayName
Value: AFK Journey

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\AFK Journey\AFKJourneyLauncher.exe

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: Publisher
Value: Shanghai Lilith Network Technology Co., Ltd.

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: InstallTimestamp
Value: 1731992996

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: UninstallString
Value: "C:\Program Files (x86)\AFK Journey\AFKJourneyUninst.exe"

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\AFK Journey

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: LauncherName
Value: AFKJourneyLauncher.exe

(PID) Process: (540) AFKJourney_setup_1.4.0.0_21.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{prod8bef2ba4a37b2d80540cd3f97000}_is1
Operation: write
Name: DisplayVersion
Value: 1.4.0.0
Executable files
51
Suspicious files
394
Text files
189
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\launcher.7z
MD5:
SHA256:

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\CSLog\customLog.txt
Type: text
MD5: 837E981D9449F6D4ADF38C2A55F1AC8B
SHA256: 09A9F1276E7E329AA649E97910202CE84558C5F10E946819118EB068E9548D29

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\data\init.dat
Type: binary
MD5: C75BC2324F813E87889893FCBEFE093E
SHA256: 6CFE07F05B921C8A62BFC0F1019D144A1514BAD5031C832945858AD0B841D065

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\btn_more.png
Type: image
MD5: 165D17A94D434ECFF9BB8CF621C19EBC
SHA256: 6868C45E1BBF0E9C1BCEC0D782A9CC8E3154985668AA7182D4D9CAA99FCC216E

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\GameBabyConfig.dat
Type: text
MD5: 5DEE4E36EBBFB8E905D059CF6032F1FD
SHA256: B4F303417FE6F47929E04DCB5AEEB864CF2C6E13C68C381FD5E954C0CF1AF75C

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\cer\cacert.pem
Type: text
MD5: B9FF41F0F273DF77E47E84544B069189
SHA256: 3321130D11B1AB339D1277CBB4ACC5F58D17155060C8CDBEEF3DC8D0A69D1235

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\btn_close_hover.png
Type: image
MD5: C327F3B55420656CD263A52DE995F557
SHA256: F6011878797B013BA3AEF4B16845076821582C1E78A68E0B6BA3221F29A6D835

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\bg_setting.png
Type: image
MD5: 50BA4D5F6BE66CFE30EDFF726457F4F3
SHA256: 0AE06C56956E37EEE86D793530300DE8183E24B96591F1DE0EC7495EEC748252

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\btn_mini_hover.png
Type: image
MD5: 144A9DADDB8B6DFB87BD9653D0E1263C
SHA256: C8D92AE6159E48D5BC174D375104D6C88B97B3BA1622BD6298EDF5C2C2148B6A

PID: 540  Process: AFKJourney_setup_1.4.0.0_21.exe
Filename: C:\Program Files (x86)\AFK Journey\resource\img\bg_progress.png
Type: image
MD5: AD956E28E9E44BAFD0D4E8AFEC8EC1F3
SHA256: 9A7A7ABEDF514D7A062F602608CB27FB59AECE8FF01381C7372EFFC5E41A7068
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
12
TCP/UDP connections
158
DNS requests
50
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6728
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
624
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2420
AFK Journey.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl%20
unknown
whitelisted
6944
svchost.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6944
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6460
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2420
AFK Journey.exe
GET
200
23.216.77.6:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
2420
AFK Journey.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHgDGEJFcIpBz28BuO60qVQ%3D
unknown
whitelisted
2420
AFK Journey.exe
GET
200
104.18.20.226:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDBc87Lbnd7jKJQx3Zw%3D%3D
unknown
whitelisted
4360
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4292
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6944
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
540
AFKJourney_setup_1.4.0.0_21.exe
163.181.131.234:443
imv2-gl.farlightgames.com
US
unknown
540
AFKJourney_setup_1.4.0.0_21.exe
23.53.42.50:443
app.farlightgames.com
Akamai International B.V.
DE
unknown
4360
SearchApp.exe
92.123.104.33:443
www.bing.com
Akamai International B.V.
DE
whitelisted
624
svchost.exe
20.190.159.4:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4360
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.18.14
whitelisted
imv2-gl.farlightgames.com
  • 163.181.131.234
unknown
app.farlightgames.com
  • 23.53.42.50
  • 23.53.42.42
unknown
www.bing.com
  • 92.123.104.33
  • 92.123.104.32
  • 92.123.104.60
  • 92.123.104.59
  • 92.123.104.8
  • 92.123.104.28
  • 92.123.104.31
  • 92.123.104.52
  • 92.123.104.19
whitelisted
login.live.com
  • 20.190.159.4
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.64
  • 40.126.31.67
  • 20.190.159.73
  • 40.126.31.69
  • 40.126.31.73
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
th.bing.com
  • 92.123.104.60
  • 92.123.104.32
  • 92.123.104.8
  • 92.123.104.34
  • 92.123.104.59
  • 92.123.104.52
  • 92.123.104.33
  • 92.123.104.38
  • 92.123.104.31
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
tsg-hdp-raw-log.data.cn-singapore-lls01-d01.sls-pub.farlightgames.com
  • 34.36.110.19
unknown
pc.crashsight.wetest.net
  • 101.33.48.102
unknown

Threats

PID
Process
Class
Message
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
Process | Message
AFKJourneyLauncher.exe | <0> [0~-1] (*), Disk: 0, Buffer: 0
AFKJourneyLauncher.exe | [downloader] Start downloading.
AFKJourneyLauncher.exe | [downloader] Target file path: C:\Program Files (x86)\AFK Journey\save\res_config.json.
AFKJourneyLauncher.exe | [downloader debug info]:STATE: INIT => CONNECT handle 0x6cee700; line 1942
AFKJourneyLauncher.exe | [downloader] CURLOPT_RESUME_FROM_LARGE: 0.
AFKJourneyLauncher.exe | [downloader debug info]:This is a debug build of libcurl, do not use in production.
AFKJourneyLauncher.exe | [downloader] URL: https://static-gl.farlightgames.com/p/pcsdk/launcher2/10076/prod8bef2ba4a37b2d80540cd3f97000/0/launcher/res_config.json.
AFKJourneyLauncher.exe | [downloader] Max speed per slice: -1.
AFKJourneyLauncher.exe | [downloader debug info]:Added connection 0. The cache now contains 0 members
AFKJourneyLauncher.exe | [downloader] Disk cache per slice: 1048576.