Windows Analysis Report
23bGlBtTiX.exe

Overview

General Information

Sample name:	23bGlBtTiX.exe renamed because original name is a hash value
Original sample name:	ca6e33cf72e210e9b8faaa354de8b2382fc5e2a163d9172802011f68983fccb0.exe
Analysis ID:	1446918
MD5:	4e14611a07ab337ac271117a19c3181e
SHA1:	b1e420c460b8dd3d8fbcd5e1f0a14da833d6c05e
SHA256:	ca6e33cf72e210e9b8faaa354de8b2382fc5e2a163d9172802011f68983fccb0
Tags:	exe
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Sample uses string decryption to hide its real strings

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Creates a DirectInput object (often for capturing keystrokes)

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Installs a raw input device (often for capturing keystrokes)

PE file contains sections with non-standard names

PE file does not import any functions

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

AV Detection

Sample uses string decryption to hide its real strings

Source: 23bGlBtTiX.exe	String decryptor: n%p
Source: 23bGlBtTiX.exe	String decryptor: =O-
Source: 23bGlBtTiX.exe	String decryptor: 8?^
Source: 23bGlBtTiX.exe	String decryptor: <BW
Source: 23bGlBtTiX.exe	String decryptor: ws\|
Source: 23bGlBtTiX.exe	String decryptor: w!:
Source: 23bGlBtTiX.exe	String decryptor: \|No
Source: 23bGlBtTiX.exe	String decryptor: B&'
Source: 23bGlBtTiX.exe	String decryptor: z`7
Source: 23bGlBtTiX.exe	String decryptor: +u
Source: 23bGlBtTiX.exe	String decryptor: =O-
Source: 23bGlBtTiX.exe	String decryptor: =O-
Source: 23bGlBtTiX.exe	String decryptor: dL- _,
Source: 23bGlBtTiX.exe	String decryptor: dL-

Source: 23bGlBtTiX.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: /_/src/Nito.AsyncEx.Coordination/obj/Release/net461/Nito.AsyncEx.Coordination.pdbSHA256{ source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/MahApps.Metro.SimpleChildWindow/obj/Release/net47/MahApps.Metro.SimpleChildWindow.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: RayCarrot.RCP.Metro.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/src/MahApps.Metro/obj/Release/net47/MahApps.Metro.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\Users\RibShark\Documents\Projects\rayman3-input-fix\Release\dinput8.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/src/Nito.Collections.Deque/obj/Release/net461/Nito.Collections.Deque.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Dev\RayCarrot\RCP_Metro\RayCarrot.RCP.Metro\src\RayCarrot.RCP.Uninstaller\obj\Release\RayCarrot.RCP.Uninstaller.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: RayCarrot.RCP.Metro.pdbMPDB source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Paulo\Projetos\WPF-AutoComplete-TextBox\AutoCompleteTextBox\AutoCompleteTextBox\obj\Release\net472\AutoCompleteTextBox.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\Magick.Native\Magick.Native\src\Magick.Native\bin\ReleaseQ8\x64\Magick.Native-Q8-x64.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3635000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3689000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/Nito.Collections.Deque/obj/Release/net461/Nito.Collections.Deque.pdbSHA256;@ source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/NLog/obj/Release/net46/NLog.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/NLog/obj/Release/net46/NLog.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\Magick.Native\Magick.Native\src\Magick.Native\bin\ReleaseQ8\x64\Magick.Native-Q8-x64.pdb' source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3635000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3689000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/Nito.AsyncEx.Coordination/obj/Release/net461/Nito.AsyncEx.Coordination.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/ControlzEx/obj/Release/net462/ControlzEx.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: dinput.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdbSHA256: source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\Paulo\Projetos\WPF-AutoComplete-TextBox\AutoCompleteTextBox\AutoCompleteTextBox\obj\Release\net472\AutoCompleteTextBox.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\src\Microsoft.Xaml.Behaviors\obj\Release\net462\Microsoft.Xaml.Behaviors.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3125044472.000001DAEEEC0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6FFE000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE7026000.00000004.00000800.00020000.00000000.sdmp

Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_GOG.zipVhttps://raym.app/rcp/featured_gb_mods.jsoncnhttps://github.com/RayCarrot/Rayman-Control-Panel-MetroFhttps://www.youtube.com/c/RayCarrot:https://twitter.com/RayCarrot@mailto:RayCarrotMaster@gmail.comhhttps://steamcommunity.com/groups/RaymanControlPanel equals www.twitter.com (Twitter)
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_GOG.zipVhttps://raym.app/rcp/featured_gb_mods.jsoncnhttps://github.com/RayCarrot/Rayman-Control-Panel-MetroFhttps://www.youtube.com/c/RayCarrot:https://twitter.com/RayCarrot@mailto:RayCarrotMaster@gmail.comhhttps://steamcommunity.com/groups/RaymanControlPanel equals www.youtube.com (Youtube)

Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF359F000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD35F3000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.css
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF359F000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD35F3000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.jpg
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0K
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.Buttons.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.ComboBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.ListBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.Scrollbars.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.Shared.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.TabControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.TextBlock.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.TextBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorCanvas.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorCanvas.xaml0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorComponentSlider.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorEyeDropper.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorPalette.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorPicker.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ContentControlEx.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/Dialogs/BaseMetroDialog.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/HamburgerMenu.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/HamburgerMenuTemplate.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/HotKeyBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroContentControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroHeader.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroProgressBar.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroTabControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroTabItem.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroWindow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/NumericUpDown.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/Pivot.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ProgressRing.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/RangeSlider.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/SplitButton.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/SplitView.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/Thumb.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/Tile.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ToggleSwitch.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/TransitioningContentControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/WindowButtonCommands.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/WindowCommands.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.blue.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.cyan.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.emerald.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.green.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.green.xaml0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.indigo.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.lime.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.magenta.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.olive.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.orange.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.purple.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.red.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.sienna.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.steel.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.taupe.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.teal.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.violet.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.yellow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.cyan.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.emerald.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.green.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.indigo.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.magenta.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.mauve.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.pink.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.red.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.sienna.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.steel.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.taupe.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.teal.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.violet.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.yellow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Styles/Controls.ListBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorCanvas.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorComponentSlider.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorEyeDropper.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorPalette.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorPicker.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ContentControlEx.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/Dialogs/BaseMetroDialog.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/HamburgerMenu.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/HamburgerMenuTemplate.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/HotKeyBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroAnimatedTabControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroContentControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroHeader.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroProgressBar.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroTabControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroTabItem.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroWindow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/NumericUpDown.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/Pivot.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ProgressRing.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/RangeSlider.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/SplitButton.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/SplitView.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/Thumb.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/Tile.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ToggleSwitch.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/TransitioningContentControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/WindowButtonCommands.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/WindowCommands.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/controls.listbox.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/controls.listbox.baml0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.blue.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.cyan.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.emerald.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.green.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.indigo.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.lime.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.magenta.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.olive.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.orange.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.purple.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.red.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.sienna.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.steel.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.taupe.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.teal.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.violet.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.yellow.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.cyan.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.emerald.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.green.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.indigo.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.magenta.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.mauve.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.pink.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.red.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.sienna.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.steel.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.taupe.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.teal.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.violet.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.yellow.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/colorcanvas.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/colorcomponentslider.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/coloreyedropper.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/colorpalette.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/colorpicker.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/contentcontrolex.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/dialogs/basemetrodialog.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/hamburgermenu.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/hamburgermenutemplate.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/hotkeybox.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metroanimatedtabcontrol.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metrocontentcontrol.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metroheader.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metroprogressbar.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metrotabcontrol.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metrotabitem.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metrowindow.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/numericupdown.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/pivot.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/progressring.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/rangeslider.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/splitbutton.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/splitview.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/thumb.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/tile.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/toggleswitch.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/transitioningcontentcontrol.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/windowbuttoncommands.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/windowcommands.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.blue.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.blue.xaml0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.cyan.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.emerald.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.green.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.indigo.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.lime.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.magenta.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.olive.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.orange.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.purple.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.red.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.sienna.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.steel.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.taupe.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.teal.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.violet.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.yellow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.cyan.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.emerald.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.green.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.indigo.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.magenta.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.mauve.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.pink.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.red.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.sienna.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.steel.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.taupe.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.teal.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.violet.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.yellow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF359F000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD35F3000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF30A9000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD30FD000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://medical.nema.org/.
Source: 23bGlBtTiX.exe	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/controls
Source: 23bGlBtTiX.exe	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/iconpacks
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6EEC000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6B3D000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/shared
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6EEC000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/simplechildwindow
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nlog-project.org/dummynamespace/
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0K
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 23bGlBtTiX.exe	String found in binary or memory: http://wpfcontrols.com/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD317E000.00000002.00000001.01000000.00000003.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF312A000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF312A000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.libpng.org/
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF312A000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.libpng.org/pub/mng/
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF30A9000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD30FD000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.smtpe.org
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aka.ms/toolkit/dotnet
Source: 23bGlBtTiX.exe, 00000000.00000002.3246833523.00007FFDF37F3000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://efg2.com/Lab/Library/ImageProcessing/DHALF.TXT
Source: 23bGlBtTiX.exe, 00000000.00000002.3246833523.00007FFDF37F3000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fho-emden.de/~hoffmann/hilb010101.pdf
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamebanana.com/apiv11/Game/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamebanana.com/apiv11/Mod/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamebanana.com/apiv11/Mod/Multi?_csvRowIds=
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamebanana.com/mods/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/RaymanGardenPlus/622289
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/Rayman_ReDesigner/539216
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/Rayman_ReDesigner/539216dhttps://gamejolt.com/games/dreamersboundary/5075
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/Rayman_The_Dark_Magicians_Reign_of_terror/237701
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/Rayman_The_Dark_Magicians_Reign_of_terror/237701YRayman
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/dreamersboundary/507525GRayman
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/globoxmoment/428585
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/globoxmoment/428585#Globox
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/rayman_bowling_2/532563
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/rayman_bowling_2/532563)Rayman
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/raymanredemption/340532
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/CommunityToolkit/dotnet
Source: 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/ControlzEx/ControlzEx
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/ControlzEx/ControlzEx0
Source: 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD5FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/MahApps/MahAp
Source: 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/MahApps/MahApps.Metro.git
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/MahApps/MahApps.Metro0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/NLog/NLog.git
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/RayCarrot/RayCarrot.RCP.Metro/wiki/Mod-LoaderCConverting
Source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/StephenCleary/AsyncEx
Source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/StephenCleary/AsyncEx5
Source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/StephenCleary/Deque
Source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/StephenCleary/Deque2
Source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime
Source: 23bGlBtTiX.exe, 00000000.00000002.3125044472.000001DAEEEC0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6FFE000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE7026000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/XamlBehaviorsWpf
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/punker76/MahApps.Metro.SimpleChildWindow
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/punker76/MahApps.Metro.SimpleChildWindow.git
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/punker76/MahApps.Metro.SimpleChildWindow.gitT
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3218000.00000002.00000001.01000000.00000003.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF31C3000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://gitlab.gnome.org/GNOME/glib/issues/new
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3218000.00000002.00000001.01000000.00000003.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF31C3000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://gitlab.gnome.org/GNOME/glib/issues/newD:
Source: magick.native-q8-x64.dll.0.dr	String found in binary or memory: https://imagemagick.org
Source: 23bGlBtTiX.exe, 00000000.00000002.3246833523.00007FFDF37F3000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://imagemagick.org/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://imagemagick.org/0
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3005000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD2BA7000.00000002.00000001.01000000.00000003.sdmp, magick.native-q8-x64.dll.0.dr	String found in binary or memory: https://imagemagick.orgsoftwareThumb::Image::WidthThumb::Image::HeightThumb::Document::Pages
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nlog-project.org/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/maps/2https://raym.app/maps_r1/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/maps/?mode=
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/maps_r1/?mode=
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/ray1editor/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/RCP_Metro_Manifest.json
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/Xhttps://raym.app/rcp/RCP_Metro_Manifest.json
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/featured_gb_mods.jsoncILoading
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/news.json
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/news.jsonLhttps://raym.app/rcp/resources/12.0.0/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_1.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_2.zip7Rayman3_Demo_20021210_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_3.zip7Rayman3_Demo_20030108_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_4.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_5.zip7Rayman3_Demo_20030129_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/RRR_Demo.zip3RaymanRavingRabbids_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_1_Demo_1.zip7Rayman1_Demo_19960215_MsDos
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_1_Demo_2.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_1_Demo_3.zip7Rayman1_Demo_19951207_MsDos
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_2_Demo_1.zip)BinData
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_2_Demo_2.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_Gold_Demo.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_Gold_Demo.zip~https://raym.app/rcp/resources/12.0
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_M_Demo.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/games/PrintStudio1.zipyhttps://raym.app/rcp/resources/12.0.0/g
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/games/RavingRabbidsActivityCenter.zipORaymanRavingRabbids_Demo
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/games/RavingRabbidsActivityCenter.ziprhttps://raym.app/rcp/res
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/games/Ray1Minigames.zip7Rayman2_Demo_19990818_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_GOG.zip)Invalid
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_GOG.zipVhttps://raym.app/rcp/featured_gb_
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_Steam.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/Vhttps://raym.app/rcp/resources/12.0.0/mods/Xhttps:/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/CompleteOST.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/CompleteOST.zip/Replacing
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/IncompleteOST.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/TPLS.zipIThe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/CLIENT.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/RAYRUN.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/STARTUP.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/al/MAPPER.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/fr/MAPPER.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/us/MAPPER.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/ro/Updater.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/ro/Updater.zip1RaymanOriginspc_1.02.exe-Downloading
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://steamcommunity.com/groups/RaymanControlPanel
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://steamcommunity.com/groups/RaymanControlPanel/discussions/0/1812044473314212117/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://store.steampowered.com/app/?https://steamcommunity.com/app/%steam://rungameid/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://store.ubisoft.com/game?pid=
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_2_the_great_escape
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_3_hoodlum_havoc
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_forever3GameDisplay_PurchaseUplay
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_origins
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_raving_rabbids
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/s2/favicons?domain=-Getting
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore

Creates a DirectInput object (often for capturing keystrokes)

Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: DirectInput8Create called.

memstr_109c4676-8

Installs a raw input device (often for capturing keystrokes)

Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: ARegisterRawInputDevices

memstr_4ca13a1f-5

Detected potential crypto function

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B899BA0	0_2_00007FFD9B899BA0
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B897E49	0_2_00007FFD9B897E49
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B890548	0_2_00007FFD9B890548
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B89BAA1	0_2_00007FFD9B89BAA1
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B89C7E0	0_2_00007FFD9B89C7E0

PE file does not import any functions

Source: 23bGlBtTiX.exe

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameControlzEx.dll6 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.dll< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.dll< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _originalFileName vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNLog.dll8 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameControlzEx.dll6 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Bcl.AsyncInterfaces.dll@ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3246833523.00007FFDF37F3000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenameMagick.Native< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: _originalFileName vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNLog.dll8 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRayCarrot.RCP.Updater.exe^ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRayCarrot.RCP.Uninstaller.exeT vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDInput.dllj% vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3125044472.000001DAEEEC0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Xaml.Behaviors.dllR vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Extensions.DependencyInjection.dll@ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMagick.Native< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRayCarrot.RCP.Metro.resources.dllL vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6FFE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Xaml.Behaviors.dllR vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNito.Collections.Deque.dllN vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNito.AsyncEx.Coordination.dllT vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameAutoCompleteTextBox.dllH vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Extensions.DependencyInjection.dll@ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _originalFileName vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNLog.dll8 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1711444485.000001DAD4306000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRayCarrot.RCP.Metro.exeJ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.dll< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Threading.Tasks.Extensions.dllT vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Extensions.DependencyInjection.Abstractions.dll@ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCommunityToolkit.Mvvm.dllN vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.SimpleChildWindow.dll` vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAutoCompleteTextBox.dllH vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE7026000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Xaml.Behaviors.dllR vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameControlzEx.dll6 vs 23bGlBtTiX.exe

Source: classification engine

Classification label: mal48.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Mutant created: \Sessions\1\BaseNamedObjects\Costura0356CB2390ED0D212B1CEB25ED194726
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\b2de6d50-e70b-47c4-bef0-471de28816d0

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

File created: C:\Users\user\AppData\Local\Temp\Costura

Jump to behavior

Source: 23bGlBtTiX.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 23bGlBtTiX.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 23bGlBtTiX.exe	String found in binary or memory: Binstaller/installergifs/astro.gif
Source: 23bGlBtTiX.exe	String found in binary or memory: @installer/installergifs/cask.gif+
Source: 23bGlBtTiX.exe	String found in binary or memory: Binstaller/installergifs/chase.gifL
Source: 23bGlBtTiX.exe	String found in binary or memory: @installer/installergifs/glob.gif
Source: 23bGlBtTiX.exe	String found in binary or memory: Binstaller/installergifs/rodeo.gifj
Source: 23bGlBtTiX.exe	String found in binary or memory: Pui/controls/loadinghost/loadinghost.baml.
Source: 23bGlBtTiX.exe	String found in binary or memory: Nui/dialogs/addgames/addgamesdialog.baml7
Source: 23bGlBtTiX.exe	String found in binary or memory: Xui/dialogs/addgames/addgamesgamecontrol.baml8
Source: 23bGlBtTiX.exe	String found in binary or memory: lui/dialogs/gameclientssetup/addgameclientscontrol.baml9
Source: 23bGlBtTiX.exe	String found in binary or memory: (UI/Controls/LoadingHost/LoadingHost.xaml?

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

File read: C:\Users\user\Desktop\23bGlBtTiX.exe:Zone.Identifier

Jump to behavior

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: msctfui.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: 23bGlBtTiX.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 23bGlBtTiX.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 23bGlBtTiX.exe

Static file information: File size 51514368 > 1048576

Source: 23bGlBtTiX.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x30f2800

Source: 23bGlBtTiX.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 23bGlBtTiX.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: /_/src/Nito.AsyncEx.Coordination/obj/Release/net461/Nito.AsyncEx.Coordination.pdbSHA256{ source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/MahApps.Metro.SimpleChildWindow/obj/Release/net47/MahApps.Metro.SimpleChildWindow.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: RayCarrot.RCP.Metro.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/src/MahApps.Metro/obj/Release/net47/MahApps.Metro.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\Users\RibShark\Documents\Projects\rayman3-input-fix\Release\dinput8.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/src/Nito.Collections.Deque/obj/Release/net461/Nito.Collections.Deque.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Dev\RayCarrot\RCP_Metro\RayCarrot.RCP.Metro\src\RayCarrot.RCP.Uninstaller\obj\Release\RayCarrot.RCP.Uninstaller.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: RayCarrot.RCP.Metro.pdbMPDB source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Paulo\Projetos\WPF-AutoComplete-TextBox\AutoCompleteTextBox\AutoCompleteTextBox\obj\Release\net472\AutoCompleteTextBox.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\Magick.Native\Magick.Native\src\Magick.Native\bin\ReleaseQ8\x64\Magick.Native-Q8-x64.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3635000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3689000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/Nito.Collections.Deque/obj/Release/net461/Nito.Collections.Deque.pdbSHA256;@ source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/NLog/obj/Release/net46/NLog.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/NLog/obj/Release/net46/NLog.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\Magick.Native\Magick.Native\src\Magick.Native\bin\ReleaseQ8\x64\Magick.Native-Q8-x64.pdb' source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3635000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3689000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/Nito.AsyncEx.Coordination/obj/Release/net461/Nito.AsyncEx.Coordination.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/ControlzEx/obj/Release/net462/ControlzEx.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: dinput.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdbSHA256: source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\Paulo\Projetos\WPF-AutoComplete-TextBox\AutoCompleteTextBox\AutoCompleteTextBox\obj\Release\net472\AutoCompleteTextBox.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\src\Microsoft.Xaml.Behaviors\obj\Release\net462\Microsoft.Xaml.Behaviors.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3125044472.000001DAEEEC0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6FFE000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE7026000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 23bGlBtTiX.exe, type: SAMPLE
Source: Yara match	File source: 0.0.23bGlBtTiX.exe.1dad1fc2b43.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.23bGlBtTiX.exe.1dad3f14529.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.23bGlBtTiX.exe.1dad3f42f2d.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.23bGlBtTiX.exe.1dad3ee8325.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1679030875.000001DAD1FDB000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2990307355.000001DAD60C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 23bGlBtTiX.exe PID: 6760, type: MEMORYSTR

Binary contains a suspicious time stamp

Source: 23bGlBtTiX.exe

Static PE information: 0x818D346F [Tue Nov 16 10:07:43 2038 UTC]

PE file contains sections with non-standard names

Source: magick.native-q8-x64.dll.0.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B77D2A5 pushad ; iretd	0_2_00007FFD9B77D2A6
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B8A4BF7 push FFFFFFE8h; ret	0_2_00007FFD9B8A4BF9
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B897A78 pushad ; retf	0_2_00007FFD9B897C5D
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B897C5E push eax; retf	0_2_00007FFD9B897C6D

Drops PE files

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

File created: C:\Users\user\AppData\Local\Temp\Costura\0356CB2390ED0D212B1CEB25ED194726\64\magick.native-q8-x64.dll

Jump to dropped file

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Memory allocated: 1DAD4660000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Memory allocated: 1DAEE0C0000 memory reserve \| memory write watch			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Costura\0356CB2390ED0D212B1CEB25ED194726\64\magick.native-q8-x64.dll

Jump to dropped file

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp

Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWndhwndthis

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Users\user\Desktop\23bGlBtTiX.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

AV Detection

Sample uses string decryption to hide its real strings

Source: 23bGlBtTiX.exe	String decryptor: n%p
Source: 23bGlBtTiX.exe	String decryptor: =O-
Source: 23bGlBtTiX.exe	String decryptor: 8?^
Source: 23bGlBtTiX.exe	String decryptor: <BW
Source: 23bGlBtTiX.exe	String decryptor: ws\|
Source: 23bGlBtTiX.exe	String decryptor: w!:
Source: 23bGlBtTiX.exe	String decryptor: \|No
Source: 23bGlBtTiX.exe	String decryptor: B&'
Source: 23bGlBtTiX.exe	String decryptor: z`7
Source: 23bGlBtTiX.exe	String decryptor: +u
Source: 23bGlBtTiX.exe	String decryptor: =O-
Source: 23bGlBtTiX.exe	String decryptor: =O-
Source: 23bGlBtTiX.exe	String decryptor: dL- _,
Source: 23bGlBtTiX.exe	String decryptor: dL-

Source: 23bGlBtTiX.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: /_/src/Nito.AsyncEx.Coordination/obj/Release/net461/Nito.AsyncEx.Coordination.pdbSHA256{ source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/MahApps.Metro.SimpleChildWindow/obj/Release/net47/MahApps.Metro.SimpleChildWindow.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: RayCarrot.RCP.Metro.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/src/MahApps.Metro/obj/Release/net47/MahApps.Metro.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\Users\RibShark\Documents\Projects\rayman3-input-fix\Release\dinput8.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/src/Nito.Collections.Deque/obj/Release/net461/Nito.Collections.Deque.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Dev\RayCarrot\RCP_Metro\RayCarrot.RCP.Metro\src\RayCarrot.RCP.Uninstaller\obj\Release\RayCarrot.RCP.Uninstaller.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: RayCarrot.RCP.Metro.pdbMPDB source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Paulo\Projetos\WPF-AutoComplete-TextBox\AutoCompleteTextBox\AutoCompleteTextBox\obj\Release\net472\AutoCompleteTextBox.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\Magick.Native\Magick.Native\src\Magick.Native\bin\ReleaseQ8\x64\Magick.Native-Q8-x64.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3635000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3689000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/Nito.Collections.Deque/obj/Release/net461/Nito.Collections.Deque.pdbSHA256;@ source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/NLog/obj/Release/net46/NLog.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/NLog/obj/Release/net46/NLog.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\Magick.Native\Magick.Native\src\Magick.Native\bin\ReleaseQ8\x64\Magick.Native-Q8-x64.pdb' source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3635000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3689000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/Nito.AsyncEx.Coordination/obj/Release/net461/Nito.AsyncEx.Coordination.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/ControlzEx/obj/Release/net462/ControlzEx.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: dinput.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdbSHA256: source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\Paulo\Projetos\WPF-AutoComplete-TextBox\AutoCompleteTextBox\AutoCompleteTextBox\obj\Release\net472\AutoCompleteTextBox.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\src\Microsoft.Xaml.Behaviors\obj\Release\net462\Microsoft.Xaml.Behaviors.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3125044472.000001DAEEEC0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6FFE000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE7026000.00000004.00000800.00020000.00000000.sdmp

Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_GOG.zipVhttps://raym.app/rcp/featured_gb_mods.jsoncnhttps://github.com/RayCarrot/Rayman-Control-Panel-MetroFhttps://www.youtube.com/c/RayCarrot:https://twitter.com/RayCarrot@mailto:RayCarrotMaster@gmail.comhhttps://steamcommunity.com/groups/RaymanControlPanel equals www.twitter.com (Twitter)
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_GOG.zipVhttps://raym.app/rcp/featured_gb_mods.jsoncnhttps://github.com/RayCarrot/Rayman-Control-Panel-MetroFhttps://www.youtube.com/c/RayCarrot:https://twitter.com/RayCarrot@mailto:RayCarrotMaster@gmail.comhhttps://steamcommunity.com/groups/RaymanControlPanel equals www.youtube.com (Youtube)

Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF359F000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD35F3000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.css
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF359F000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD35F3000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.jpg
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0K
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.Buttons.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.ComboBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.ListBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.Scrollbars.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.Shared.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.TabControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.TextBlock.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Styles/Controls.TextBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorCanvas.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorCanvas.xaml0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorComponentSlider.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorEyeDropper.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorPalette.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ColorPicker/ColorPicker.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ContentControlEx.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/Dialogs/BaseMetroDialog.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/HamburgerMenu.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/HamburgerMenuTemplate.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/HotKeyBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroContentControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroHeader.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroProgressBar.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroTabControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroTabItem.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/MetroWindow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/NumericUpDown.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/Pivot.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ProgressRing.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/RangeSlider.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/SplitButton.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/SplitView.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/Thumb.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/Tile.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/ToggleSwitch.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/TransitioningContentControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/WindowButtonCommands.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/Themes/WindowCommands.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.blue.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.cyan.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.emerald.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.green.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.green.xaml0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.indigo.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.lime.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.magenta.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.olive.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.orange.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.purple.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.red.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.sienna.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.steel.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.taupe.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.teal.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.violet.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/dark.yellow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.cyan.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.emerald.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.green.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.indigo.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.magenta.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.mauve.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.pink.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.red.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.sienna.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.steel.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.taupe.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.teal.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.violet.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/MahApps.Metro;component/styles/themes/light.yellow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Styles/Controls.ListBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorCanvas.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorComponentSlider.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorEyeDropper.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorPalette.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ColorPicker/ColorPicker.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ContentControlEx.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/Dialogs/BaseMetroDialog.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/HamburgerMenu.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/HamburgerMenuTemplate.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/HotKeyBox.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroAnimatedTabControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroContentControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroHeader.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroProgressBar.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroTabControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroTabItem.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/MetroWindow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/NumericUpDown.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/Pivot.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ProgressRing.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/RangeSlider.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/SplitButton.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/SplitView.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/Thumb.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/Tile.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/ToggleSwitch.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/TransitioningContentControl.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/WindowButtonCommands.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/Themes/WindowCommands.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/controls.listbox.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/controls.listbox.baml0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.blue.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.cyan.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.emerald.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.green.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.indigo.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.lime.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.magenta.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.olive.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.orange.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.purple.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.red.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.sienna.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.steel.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.taupe.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.teal.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.violet.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/dark.yellow.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.cyan.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.emerald.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.green.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.indigo.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.magenta.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.mauve.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.pink.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.red.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.sienna.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.steel.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.taupe.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.teal.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.violet.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/styles/themes/light.yellow.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/colorcanvas.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/colorcomponentslider.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/coloreyedropper.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/colorpalette.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/colorpicker/colorpicker.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/contentcontrolex.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/dialogs/basemetrodialog.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/hamburgermenu.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/hamburgermenutemplate.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/hotkeybox.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metroanimatedtabcontrol.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metrocontentcontrol.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metroheader.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metroprogressbar.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metrotabcontrol.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metrotabitem.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/metrowindow.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/numericupdown.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/pivot.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/progressring.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/rangeslider.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/splitbutton.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/splitview.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/thumb.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/tile.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/toggleswitch.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/transitioningcontentcontrol.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/windowbuttoncommands.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/themes/windowcommands.baml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.blue.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.blue.xaml0
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.cyan.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.emerald.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.green.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.indigo.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.lime.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.magenta.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.olive.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.orange.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.purple.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.red.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.sienna.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.steel.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.taupe.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.teal.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.violet.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/dark.yellow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.cyan.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.emerald.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.green.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.indigo.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.magenta.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.mauve.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.pink.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.red.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.sienna.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.steel.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.taupe.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6B09000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.teal.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.violet.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/styles/themes/light.yellow.xaml
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF359F000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD35F3000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF30A9000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD30FD000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://medical.nema.org/.
Source: 23bGlBtTiX.exe	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/controls
Source: 23bGlBtTiX.exe	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/iconpacks
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6EEC000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6B3D000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/shared
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6EEC000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://metro.mahapps.com/winfx/xaml/simplechildwindow
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nlog-project.org/dummynamespace/
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0K
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: 23bGlBtTiX.exe, 00000000.00000002.2990307355.000001DAD6109000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: 23bGlBtTiX.exe	String found in binary or memory: http://wpfcontrols.com/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD317E000.00000002.00000001.01000000.00000003.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF312A000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF312A000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.libpng.org/
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF312A000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: http://www.libpng.org/pub/mng/
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF30A9000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD30FD000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.smtpe.org
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://aka.ms/toolkit/dotnet
Source: 23bGlBtTiX.exe, 00000000.00000002.3246833523.00007FFDF37F3000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://efg2.com/Lab/Library/ImageProcessing/DHALF.TXT
Source: 23bGlBtTiX.exe, 00000000.00000002.3246833523.00007FFDF37F3000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://fho-emden.de/~hoffmann/hilb010101.pdf
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamebanana.com/apiv11/Game/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamebanana.com/apiv11/Mod/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamebanana.com/apiv11/Mod/Multi?_csvRowIds=
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamebanana.com/mods/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/RaymanGardenPlus/622289
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/Rayman_ReDesigner/539216
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/Rayman_ReDesigner/539216dhttps://gamejolt.com/games/dreamersboundary/5075
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/Rayman_The_Dark_Magicians_Reign_of_terror/237701
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/Rayman_The_Dark_Magicians_Reign_of_terror/237701YRayman
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/dreamersboundary/507525GRayman
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/globoxmoment/428585
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/globoxmoment/428585#Globox
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/rayman_bowling_2/532563
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/rayman_bowling_2/532563)Rayman
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gamejolt.com/games/raymanredemption/340532
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/CommunityToolkit/dotnet
Source: 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/ControlzEx/ControlzEx
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/ControlzEx/ControlzEx0
Source: 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD5FF2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/MahApps/MahAp
Source: 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/MahApps/MahApps.Metro.git
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/MahApps/MahApps.Metro0
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/NLog/NLog.git
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/RayCarrot/RayCarrot.RCP.Metro/wiki/Mod-LoaderCConverting
Source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/StephenCleary/AsyncEx
Source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/StephenCleary/AsyncEx5
Source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/StephenCleary/Deque
Source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/StephenCleary/Deque2
Source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/dotnet/runtime
Source: 23bGlBtTiX.exe, 00000000.00000002.3125044472.000001DAEEEC0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6FFE000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE7026000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/microsoft/XamlBehaviorsWpf
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/punker76/MahApps.Metro.SimpleChildWindow
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/punker76/MahApps.Metro.SimpleChildWindow.git
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/punker76/MahApps.Metro.SimpleChildWindow.gitT
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3218000.00000002.00000001.01000000.00000003.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF31C3000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://gitlab.gnome.org/GNOME/glib/issues/new
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3218000.00000002.00000001.01000000.00000003.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF31C3000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://gitlab.gnome.org/GNOME/glib/issues/newD:
Source: magick.native-q8-x64.dll.0.dr	String found in binary or memory: https://imagemagick.org
Source: 23bGlBtTiX.exe, 00000000.00000002.3246833523.00007FFDF37F3000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://imagemagick.org/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://imagemagick.org/0
Source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3005000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD2BA7000.00000002.00000001.01000000.00000003.sdmp, magick.native-q8-x64.dll.0.dr	String found in binary or memory: https://imagemagick.orgsoftwareThumb::Image::WidthThumb::Image::HeightThumb::Document::Pages
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nlog-project.org/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/maps/2https://raym.app/maps_r1/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/maps/?mode=
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/maps_r1/?mode=
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/ray1editor/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/RCP_Metro_Manifest.json
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/Xhttps://raym.app/rcp/RCP_Metro_Manifest.json
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/featured_gb_mods.jsoncILoading
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/news.json
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/news.jsonLhttps://raym.app/rcp/resources/12.0.0/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_1.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_2.zip7Rayman3_Demo_20021210_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_3.zip7Rayman3_Demo_20030108_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_4.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/R3_Demo_5.zip7Rayman3_Demo_20030129_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/RRR_Demo.zip3RaymanRavingRabbids_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_1_Demo_1.zip7Rayman1_Demo_19960215_MsDos
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_1_Demo_2.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_1_Demo_3.zip7Rayman1_Demo_19951207_MsDos
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_2_Demo_1.zip)BinData
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_2_Demo_2.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_Gold_Demo.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_Gold_Demo.zip~https://raym.app/rcp/resources/12.0
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/demos/Rayman_M_Demo.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/games/PrintStudio1.zipyhttps://raym.app/rcp/resources/12.0.0/g
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/games/RavingRabbidsActivityCenter.zipORaymanRavingRabbids_Demo
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/games/RavingRabbidsActivityCenter.ziprhttps://raym.app/rcp/res
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/games/Ray1Minigames.zip7Rayman2_Demo_19990818_Win32
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_GOG.zip)Invalid
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_GOG.zipVhttps://raym.app/rcp/featured_gb_
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/mods/rrr/RRR_Patched_Steam.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/Vhttps://raym.app/rcp/resources/12.0.0/mods/Xhttps:/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/CompleteOST.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/CompleteOST.zip/Replacing
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/IncompleteOST.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/TPLS.zipIThe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/CLIENT.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/RAYRUN.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/STARTUP.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/al/MAPPER.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/fr/MAPPER.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/r1/raykit/us/MAPPER.EXE
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/ro/Updater.zip
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://raym.app/rcp/resources/12.0.0/utilities/ro/Updater.zip1RaymanOriginspc_1.02.exe-Downloading
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://steamcommunity.com/groups/RaymanControlPanel
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://steamcommunity.com/groups/RaymanControlPanel/discussions/0/1812044473314212117/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://store.steampowered.com/app/?https://steamcommunity.com/app/%steam://rungameid/
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://store.ubisoft.com/game?pid=
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_2_the_great_escape
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_3_hoodlum_havoc
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_forever3GameDisplay_PurchaseUplay
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_origins
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.gog.com/game/rayman_raving_rabbids
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.google.com/s2/favicons?domain=-Getting
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore

Creates a DirectInput object (often for capturing keystrokes)

Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: DirectInput8Create called.

memstr_109c4676-8

Installs a raw input device (often for capturing keystrokes)

Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: ARegisterRawInputDevices

memstr_4ca13a1f-5

Detected potential crypto function

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B899BA0	0_2_00007FFD9B899BA0
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B897E49	0_2_00007FFD9B897E49
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B890548	0_2_00007FFD9B890548
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B89BAA1	0_2_00007FFD9B89BAA1
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B89C7E0	0_2_00007FFD9B89C7E0

PE file does not import any functions

Source: 23bGlBtTiX.exe

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameControlzEx.dll6 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.dll< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.dll< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _originalFileName vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNLog.dll8 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameControlzEx.dll6 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Bcl.AsyncInterfaces.dll@ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3246833523.00007FFDF37F3000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenameMagick.Native< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: _originalFileName vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNLog.dll8 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRayCarrot.RCP.Updater.exe^ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRayCarrot.RCP.Uninstaller.exeT vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDInput.dllj% vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3125044472.000001DAEEEC0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Xaml.Behaviors.dllR vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Extensions.DependencyInjection.dll@ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameMagick.Native< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRayCarrot.RCP.Metro.resources.dllL vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6FFE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Xaml.Behaviors.dllR vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNito.Collections.Deque.dllN vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameNito.AsyncEx.Coordination.dllT vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameAutoCompleteTextBox.dllH vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Extensions.DependencyInjection.dll@ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: _originalFileName vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameNLog.dll8 vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000000.1711444485.000001DAD4306000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameRayCarrot.RCP.Metro.exeJ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.dll< vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSystem.Threading.Tasks.Extensions.dllT vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Extensions.DependencyInjection.Abstractions.dll@ vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCommunityToolkit.Mvvm.dllN vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMahApps.Metro.SimpleChildWindow.dll` vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameAutoCompleteTextBox.dllH vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE7026000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Xaml.Behaviors.dllR vs 23bGlBtTiX.exe
Source: 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameControlzEx.dll6 vs 23bGlBtTiX.exe

Source: classification engine

Classification label: mal48.evad.winEXE@1/1@0/0

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Mutant created: \Sessions\1\BaseNamedObjects\Costura0356CB2390ED0D212B1CEB25ED194726
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\b2de6d50-e70b-47c4-bef0-471de28816d0

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

File created: C:\Users\user\AppData\Local\Temp\Costura

Jump to behavior

Source: 23bGlBtTiX.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 23bGlBtTiX.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 23bGlBtTiX.exe	String found in binary or memory: Binstaller/installergifs/astro.gif
Source: 23bGlBtTiX.exe	String found in binary or memory: @installer/installergifs/cask.gif+
Source: 23bGlBtTiX.exe	String found in binary or memory: Binstaller/installergifs/chase.gifL
Source: 23bGlBtTiX.exe	String found in binary or memory: @installer/installergifs/glob.gif
Source: 23bGlBtTiX.exe	String found in binary or memory: Binstaller/installergifs/rodeo.gifj
Source: 23bGlBtTiX.exe	String found in binary or memory: Pui/controls/loadinghost/loadinghost.baml.
Source: 23bGlBtTiX.exe	String found in binary or memory: Nui/dialogs/addgames/addgamesdialog.baml7
Source: 23bGlBtTiX.exe	String found in binary or memory: Xui/dialogs/addgames/addgamesgamecontrol.baml8
Source: 23bGlBtTiX.exe	String found in binary or memory: lui/dialogs/gameclientssetup/addgameclientscontrol.baml9
Source: 23bGlBtTiX.exe	String found in binary or memory: (UI/Controls/LoadingHost/LoadingHost.xaml?

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

File read: C:\Users\user\Desktop\23bGlBtTiX.exe:Zone.Identifier

Jump to behavior

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: msctfui.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: 23bGlBtTiX.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: 23bGlBtTiX.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 23bGlBtTiX.exe

Static file information: File size 51514368 > 1048576

Source: 23bGlBtTiX.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x30f2800

Source: 23bGlBtTiX.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: 23bGlBtTiX.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: /_/src/Nito.AsyncEx.Coordination/obj/Release/net461/Nito.AsyncEx.Coordination.pdbSHA256{ source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/MahApps.Metro.SimpleChildWindow/obj/Release/net47/MahApps.Metro.SimpleChildWindow.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3124632455.000001DAEEE90000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: RayCarrot.RCP.Metro.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/src/MahApps.Metro/obj/Release/net47/MahApps.Metro.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6820000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3114651832.000001DAEEA30000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\Users\RibShark\Documents\Projects\rayman3-input-fix\Release\dinput8.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/src/Nito.Collections.Deque/obj/Release/net461/Nito.Collections.Deque.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Dev\RayCarrot\RCP_Metro\RayCarrot.RCP.Metro\src\RayCarrot.RCP.Uninstaller\obj\Release\RayCarrot.RCP.Uninstaller.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: RayCarrot.RCP.Metro.pdbMPDB source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: D:\Paulo\Projetos\WPF-AutoComplete-TextBox\AutoCompleteTextBox\AutoCompleteTextBox\obj\Release\net472\AutoCompleteTextBox.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\Magick.Native\Magick.Native\src\Magick.Native\bin\ReleaseQ8\x64\Magick.Native-Q8-x64.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3635000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3689000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/Nito.Collections.Deque/obj/Release/net461/Nito.Collections.Deque.pdbSHA256;@ source: 23bGlBtTiX.exe, 00000000.00000002.3113630486.000001DAEE9A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/NLog/obj/Release/net46/NLog.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/NLog/obj/Release/net46/NLog.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3110914267.000001DAEE890000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\Magick.Native\Magick.Native\src\Magick.Native\bin\ReleaseQ8\x64\Magick.Native-Q8-x64.pdb' source: 23bGlBtTiX.exe, 00000000.00000002.3214981273.00007FFDF3635000.00000002.00000001.01000000.00000006.sdmp, 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD3689000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection/Release/net462/Microsoft.Extensions.DependencyInjection.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.2988027071.000001DAD4740000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE60C8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /_/src/Nito.AsyncEx.Coordination/obj/Release/net461/Nito.AsyncEx.Coordination.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3113392926.000001DAEE980000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/ControlzEx/obj/Release/net462/ControlzEx.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6351000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6DE4000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3113747204.000001DAEE9E0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988245314.000001DAD4770000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/src/CommunityToolkit.Mvvm/obj/Release/netstandard2.0/CommunityToolkit.Mvvm.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988422510.000001DAD4930000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: dinput.pdb source: 23bGlBtTiX.exe, 00000000.00000000.1679030875.000001DAD21A7000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Extensions.DependencyInjection.Abstractions/Release/net462/Microsoft.Extensions.DependencyInjection.Abstractions.pdbSHA256: source: 23bGlBtTiX.exe, 00000000.00000002.2987761781.000001DAD46A0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/Release/net462/Microsoft.Bcl.AsyncInterfaces.pdb source: 23bGlBtTiX.exe, 00000000.00000002.2988185158.000001DAD4760000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: D:\Paulo\Projetos\WPF-AutoComplete-TextBox\AutoCompleteTextBox\AutoCompleteTextBox\obj\Release\net472\AutoCompleteTextBox.pdbSHA256 source: 23bGlBtTiX.exe, 00000000.00000002.3124879805.000001DAEEEB0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.2988975888.000001DAD6065000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\src\Microsoft.Xaml.Behaviors\obj\Release\net462\Microsoft.Xaml.Behaviors.pdb source: 23bGlBtTiX.exe, 00000000.00000002.3125044472.000001DAEEEC0000.00000004.08000000.00040000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE6FFE000.00000004.00000800.00020000.00000000.sdmp, 23bGlBtTiX.exe, 00000000.00000002.3058157758.000001DAE7026000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 23bGlBtTiX.exe, type: SAMPLE
Source: Yara match	File source: 0.0.23bGlBtTiX.exe.1dad1fc2b43.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.23bGlBtTiX.exe.1dad3f14529.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.23bGlBtTiX.exe.1dad3f42f2d.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.23bGlBtTiX.exe.1dad3ee8325.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1679030875.000001DAD1FDB000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2990307355.000001DAD60C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1679030875.000001DAD41D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1679030875.000001DAD37D2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 23bGlBtTiX.exe PID: 6760, type: MEMORYSTR

Binary contains a suspicious time stamp

Source: 23bGlBtTiX.exe

Static PE information: 0x818D346F [Tue Nov 16 10:07:43 2038 UTC]

PE file contains sections with non-standard names

Source: magick.native-q8-x64.dll.0.dr

Static PE information: section name: _RDATA

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B77D2A5 pushad ; iretd	0_2_00007FFD9B77D2A6
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B8A4BF7 push FFFFFFE8h; ret	0_2_00007FFD9B8A4BF9
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B897A78 pushad ; retf	0_2_00007FFD9B897C5D
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Code function: 0_2_00007FFD9B897C5E push eax; retf	0_2_00007FFD9B897C6D

Drops PE files

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

File created: C:\Users\user\AppData\Local\Temp\Costura\0356CB2390ED0D212B1CEB25ED194726\64\magick.native-q8-x64.dll

Jump to dropped file

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Memory allocated: 1DAD4660000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Memory allocated: 1DAEE0C0000 memory reserve \| memory write watch			Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Costura\0356CB2390ED0D212B1CEB25ED194726\64\magick.native-q8-x64.dll

Jump to dropped file

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Memory allocated: page read and write | page guard

Jump to behavior

Binary or memory string: Shell_TrayWnd-Shell_SecondaryTrayWndhwndthis

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Users\user\Desktop\23bGlBtTiX.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Controls.Ribbon\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Controls.Ribbon.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\23bGlBtTiX.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\23bGlBtTiX.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1446918
Product:	CloudBasic
Start time:	01:03:12
Start date:	24.05.2024
Sample:	23bGlBtTiX.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	4e14611a07ab337ac271117a19c3181e
SHA1:	b1e420c460b8dd3d8fbcd5e1f0a14da833d6c05e
SHA256:	ca6e33cf72e210e9b8faaa354de8b2382fc5e2a163d9172802011f68983fccb0
Filetype:	Win64 Executable GUI Net Framework (217006/5) 49.88%

Windows Analysis Report
23bGlBtTiX.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report 23bGlBtTiX.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
23bGlBtTiX.exe