Windows Analysis Report
KyrazonSetup.exe

Overview

General Information

Sample name: KyrazonSetup.exe
Analysis ID: 1489101
MD5: 7a84bbeade50e7110fe8d278dc22b92d
SHA1: 9624dde2043059402cc1f729684ecc2f9a424eef
SHA256: c765f61cee33c326acc4ea19256267c35129a1ec7edb567fe0b5ed9a88e3d6b1
Tags: exe, GuLoader

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Drops large PE files
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal communication platform credentials (via file / registry access)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • KyrazonSetup.exe (PID: 7440 cmdline: "C:\Users\user\Desktop\KyrazonSetup.exe" MD5: 7A84BBEADE50E7110FE8D278DC22B92D)
    • cmd.exe (PID: 7476 cmdline: "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv | "C:\Windows\system32\find.exe" "KyrazonGodot.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7528 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 7536 cmdline: "C:\Windows\system32\find.exe" "KyrazonGodot.exe" MD5: 15B158BC998EEF74CFDD27C44978AEA0)
  • KyrazonGodot.exe (PID: 7944 cmdline: "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" MD5: EEB12AAC1FF31A9D17BA437700CAF9D6)
    • KyrazonGodot.exe (PID: 3552 cmdline: "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: EEB12AAC1FF31A9D17BA437700CAF9D6)
    • Shortcut.exe (PID: 984 cmdline: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe /A:C "/F:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk" /T:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe MD5: 59375510BDE2FF0DBA7A8197AD9F12BB)
      • conhost.exe (PID: 2504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3864 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 1900 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 3852 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 8012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7500 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7032 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7604 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7324 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 396 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7492 cmdline: C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • where.exe (PID: 7232 cmdline: where /r . data.sqlite MD5: 3CF958B0F63FB1D74F7FCFE14B039A58)
    • cmd.exe (PID: 5020 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 2076 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • Conhost.exe (PID: 1740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • KyrazonGodot.exe (PID: 4944 cmdline: "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2364 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: EEB12AAC1FF31A9D17BA437700CAF9D6)
    • cmd.exe (PID: 7768 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 3332 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7912 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7996 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • Conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7856 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7932 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7456 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6612 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 2568 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7564 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 1740 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 1848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 1448 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7364 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7932 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 5356 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6636 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 792 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 1404 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 4556 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5468 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • Conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 396 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7912 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 1772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 4208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 4268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 1720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • KyrazonGodot.exe (PID: 6040 cmdline: "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" MD5: EEB12AAC1FF31A9D17BA437700CAF9D6)
    • KyrazonGodot.exe (PID: 7952 cmdline: "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1740 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: EEB12AAC1FF31A9D17BA437700CAF9D6)
    • cmd.exe (PID: 2180 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 5664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 4124 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • KyrazonGodot.exe (PID: 1612 cmdline: "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2228 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: EEB12AAC1FF31A9D17BA437700CAF9D6)
    • cmd.exe (PID: 5764 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 5184 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • Conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7608 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7512 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • Conhost.exe (PID: 3852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 7552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 4088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Conhost.exe (PID: 4812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7520 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 1236 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • Conhost.exe (PID: 5916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2944 cmdline: C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5672 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • where.exe (PID: 5020 cmdline: where /r . data.sqlite MD5: 3CF958B0F63FB1D74F7FCFE14B039A58)
    • cmd.exe (PID: 4812 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7976 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7856 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 1284 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • Conhost.exe (PID: 7928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5804 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 7684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 4020 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
      • Conhost.exe (PID: 1856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2924 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7632 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • Conhost.exe (PID: 3400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7244 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7692 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • Conhost.exe (PID: 4812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 3396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 3752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 7564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 2180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 2840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 2924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 3696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7884 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 2228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 2180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 4348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 5016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 8120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started Author: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite", CommandLine: C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe, ParentProcessId: 7944, ParentProcessName: KyrazonGodot.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite", ProcessId: 7492, ProcessName: cmd.exe
Source: File created Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe, ProcessId: 984, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
No Suricata rule has matched

AV Detection

Source: KyrazonSetup.exe ReversingLabs: Detection: 18%
Source: KyrazonSetup.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\KyrazonSetup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b3cf5a4f-183c-5906-ad23-5f1f95ad8d0e
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\ReadMe.txt
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\LICENSE.electron.txt
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\ReadMe.txt
Source: KyrazonSetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: KyrazonSetup.exe, 00000000.00000003.1938061587.00000000007CF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: KyrazonSetup.exe, 00000000.00000003.1883900988.00000000050DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: KyrazonSetup.exe, 00000000.00000003.1885538165.00000000050D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: KyrazonSetup.exe, 00000000.00000003.1883900988.00000000050DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: KyrazonSetup.exe, 00000000.00000003.1933472461.00000000050EE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: KyrazonSetup.exe, 00000000.00000003.1933793850.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1880679511.0000000004ED0000.00000004.00001000.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1880902118.0000000005740000.00000004.00001000.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1880957683.0000000005781000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\KyrazonSetup.exe Code function: 0_2_00405768 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405768
Source: C:\Users\user\Desktop\KyrazonSetup.exe Code function: 0_2_004062A3 FindFirstFileA,FindClose,0_2_004062A3
Source: C:\Users\user\Desktop\KyrazonSetup.exe Code function: 0_2_004026FE FindFirstFileA,0_2_004026FE
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\locales
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts
Source: Joe Sandbox View IP Address: 162.159.61.3
Source: Joe Sandbox View IP Address: 45.55.107.24
Source: unknown TCP traffic detected without corresponding DNS query: 92.246.138.20
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: oshi.at
Source: global traffic DNS traffic detected: DNS query: tempfile.me
Source: global traffic DNS traffic detected: DNS query: api.gofile.io
Source: global traffic DNS traffic detected: DNS query: file.io
Source: global traffic DNS traffic detected: DNS query: zerostone.discloud.app
Source: global traffic DNS traffic detected: DNS query: discord.com
Source: unknown HTTP traffic detected:
    POST /dns-query HTTP/1.1
    Host: chrome.cloudflare-dns.com
    Connection: keep-alive
    Content-Length: 128
    Accept: application/dns-message
    Accept-Language: *
    User-Agent: Chrome
    Accept-Encoding: identity
    Content-Type: application/dns-message
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chromium.org
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.movable-type.co.uk/scripts/sha1.html
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/MPL/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/NPL/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ploscompbiol.org/static/license
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.strongtalk.org/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.webrtc.org
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://zlib.net/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.googlesource.com/platform/external/puffin
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.googlesource.com/platform/external/setupdesign/
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://blueimp.net
Source: zh-CN.pak.0.drString found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: KyrazonSetup.exe, 00000000.00000003.1934799027.00000000007CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
Source: KyrazonSetup.exe, 00000000.00000003.1934638566.00000000007CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en-GB&category=theme81https://myactivity.google.com/myactivity
Source: KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=pl&category=theme81https://myactivity.google.com/myactivity/?u
Source: KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=vi&category=theme81https://myactivity.google.com/myactivity/?u
Source: KyrazonSetup.exe, 00000000.00000003.1937598463.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivity
Source: zh-CN.pak.0.drString found in binary or memory: https://chrome.google.com/webstore?hl=zh-CNCtrl$1
Source: KyrazonSetup.exe, 00000000.00000003.1937687612.00000000007CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivity
Source: KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
Source: KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
Source: KyrazonSetup.exe, 00000000.00000003.1936778814.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937687612.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934910421.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936662750.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937598463.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934799027.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934544289.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934638566.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/android/guides/setup
Source: KyrazonSetup.exe, 00000000.00000003.1934910421.00000000007CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ejemplo.com.Se
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Cyan4973/xxHash
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/LiosK/UUID.js
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Maratyszcza/pthreadpool
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/aawc/unrar.git
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/blueimp/JavaScript-MD5
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/chalk/wrap-ansi?sponsor=1
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/varstruct
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dominictarr/varstruct.git
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/facebook/zstd
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/distributed_point_functions
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/pprof/tree/master/proto
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/private-join-and-compute
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/protobuf
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/re2
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/ruy
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/securemessage
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/sentencepiece
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/shell-encryption
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/ukey2
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/woff2
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/google/xnnpack
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/iarna/wide-align
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/intel/libva
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/isaacs/yallist.git
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/wrappy
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/protocolbuffers/protobuf/blob/master/java/lite.md
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-core
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/simplejson/simplejson
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/broofa
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/ctavan
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/ljharb
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/sindresorhus
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/models
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/tensorflow
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/text.git
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/tflite-support
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid.git
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid/pull/434
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid/pull/677#issuecomment-1757351351
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/wasdk/wasmparser
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/xiph/rnnoise
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/mozilla-central/file/tip/netwerk/base/nsURLParsers.cpp
Source: zh-CN.pak.0.drString found in binary or memory: https://myactivity.google.com/
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://opensource.org/licenses/MIT
Source: zh-CN.pak.0.drString found in binary or memory: https://passwords.google.comGoogle
Source: KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comKonta
Source: KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comT
Source: zh-CN.pak.0.drString found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: zh-CN.pak.0.drString found in binary or memory: https://policies.google.com/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://polymer-library.polymer-project.org
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://quiche.googlesource.com/quiche
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sindresorhus.com)
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://skia.org/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://source.corp.google.com/piper///depot/google3/third_party/tamachiyomi/README.md
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sqlite.org/
Source: KyrazonSetup.exe, 00000000.00000003.1936778814.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937687612.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934910421.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936662750.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937598463.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934544289.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://support.google.com/chrome/a/answer/9122284
Source: KyrazonSetup.exe, 00000000.00000003.1936778814.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937687612.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934910421.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936662750.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937598463.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934799027.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934544289.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: zh-CN.pak.0.drString found in binary or memory: https://support.google.com/chromebook?p=app_intent
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: zh-CN.pak.0.drString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.html
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc9562.html
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc9562.html#name-example-of-a-uuidv7-value
Source: KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc9562.html#section-6.2-5.1
Source: KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.unicode.org/copyright.html.
Source: C:\Users\user\Desktop\KyrazonSetup.exe Code function: 0_2_00405205 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard
Source: Conhost.exe Process created: 50
Source: cmd.exe Process created: 63

System Summary

Source: C:\Users\user\Desktop\KyrazonSetup.exeFile dump: KyrazonGodot.exe.0.dr 172671488Jump to dropped file
Source: C:\Users\user\Desktop\KyrazonSetup.exeFile dump: KyrazonGodot.exe0.0.dr 172671488Jump to dropped file
Source: C:\Users\user\Desktop\KyrazonSetup.exeCode function: 0_2_0040320C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040320C
Source: C:\Users\user\Desktop\KyrazonSetup.exeCode function: 0_2_00404A440_2_00404A44
Source: C:\Users\user\Desktop\KyrazonSetup.exeCode function: 0_2_00406F540_2_00406F54
Source: C:\Users\user\Desktop\KyrazonSetup.exeCode function: 0_2_0040677D0_2_0040677D
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeCode function: 12_2_0040100012_2_00401000
Source: C:\Users\user\Desktop\KyrazonSetup.exeProcess token adjusted: Security
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeCode function: String function: 004029C7 appears 72 times
Source: libEGL.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: KyrazonGodot.exe.0.drStatic PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: KyrazonGodot.exe0.0.drStatic PE information: Number of sections : 15 > 10
Source: KyrazonSetup.exe, 00000000.00000003.1883900988.00000000050DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs KyrazonSetup.exe
Source: KyrazonSetup.exe, 00000000.00000003.1938061587.00000000007CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameElevate.exeH vs KyrazonSetup.exe
Source: KyrazonSetup.exe, 00000000.00000003.1890577423.00000000050D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameelectron.exe2 vs KyrazonSetup.exe
Source: KyrazonSetup.exe, 00000000.00000003.1932269335.00000000050D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibGLESv2.dllb! vs KyrazonSetup.exe
Source: KyrazonSetup.exe, 00000000.00000003.1938427745.0000000002F51000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameShortcut.exe8 vs KyrazonSetup.exe
Source: KyrazonSetup.exe, 00000000.00000002.1981380582.0000000000414000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamensis7z.dll, vs KyrazonSetup.exe
Source: KyrazonSetup.exe, 00000000.00000003.1933472461.00000000050EE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevk_swiftshader.dll, vs KyrazonSetup.exe
Source: KyrazonSetup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal68.spyw.winEXE@302/101@10/8
Source: C:\Users\user\Desktop\KyrazonSetup.exeCode function: 0_2_004044D1 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004044D1
Source: C:\Users\user\Desktop\KyrazonSetup.exeCode function: 0_2_004020D1 CoCreateInstance,MultiByteToWideChar,0_2_004020D1
Source: C:\Users\user\Desktop\KyrazonSetup.exeFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\Desktop\KyrazonSetup.exeMutant created: \Sessions\1\BaseNamedObjects\b3cf5a4f-183c-5906-ad23-5f1f95ad8d0e
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeMutant created: NULL
Source: C:\Users\user\Desktop\KyrazonSetup.exeFile created: C:\Users\user\AppData\Local\Temp\nsd70E1.tmp
Source: KyrazonSetup.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'KYRAZONGODOT.EXE'
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\Conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\KyrazonSetup.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\KyrazonSetup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: KyrazonSetup.exeReversingLabs: Detection: 18%
Source: Shortcut.exeString found in binary or memory: -help
Source: C:\Users\user\Desktop\KyrazonSetup.exeFile read: C:\Users\user\Desktop\KyrazonSetup.exe
Source: unknownProcess created: C:\Users\user\Desktop\KyrazonSetup.exe "C:\Users\user\Desktop\KyrazonSetup.exe"
Source: C:\Users\user\Desktop\KyrazonSetup.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv | "C:\Windows\system32\find.exe" "KyrazonGodot.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "KyrazonGodot.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe /A:C "/F:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk" /T:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\where.exe where /r . data.sqlite
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2364 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1740 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2228 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\tasklist.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\KyrazonSetup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv | "C:\Windows\system32\find.exe" "KyrazonGodot.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "KyrazonGodot.exe"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe /A:C "/F:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk" /T:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2364 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\where.exe where /r . data.sqlite
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1740 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2228 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: oleacc.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: shfolder.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: iconcodecservice.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: riched20.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: usp10.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: msls31.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: ntshrui.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: sxs.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\find.exeSection loaded: ulib.dll
Source: C:\Windows\SysWOW64\find.exeSection loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
Source: C:\Windows\System32\where.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: windows.ui.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: windowmanagementapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: inputhost.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: mmdevapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: devobj.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Section loaded: dnsapi.dll
Source: C:\Windows\System32\where.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv
Source: KyrazonGodot.lnk.12.dr LNK file: ..\..\..\..\..\..\Local\Programs\KyrazonGodot\KyrazonGodot.exe
Source: C:\Users\user\Desktop\KyrazonSetup.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b3cf5a4f-183c-5906-ad23-5f1f95ad8d0e
Source: KyrazonSetup.exe Static file information: File size 80239576 > 1048576
Source: KyrazonSetup.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: KyrazonSetup.exe, 00000000.00000003.1938061587.00000000007CF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: KyrazonSetup.exe, 00000000.00000003.1883900988.00000000050DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: KyrazonSetup.exe, 00000000.00000003.1885538165.00000000050D6000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: KyrazonSetup.exe, 00000000.00000003.1883900988.00000000050DC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: KyrazonSetup.exe, 00000000.00000003.1933472461.00000000050EE000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: KyrazonSetup.exe, 00000000.00000003.1933793850.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1880679511.0000000004ED0000.00000004.00001000.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1880902118.0000000005740000.00000004.00001000.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1880957683.0000000005781000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe Code function: 12_2_00406DDD LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,12_2_00406DDD
Source: KyrazonGodot.exe.0.dr Static PE information: section name: .00cfg
Source: KyrazonGodot.exe.0.dr Static PE information: section name: .gxfg
Source: KyrazonGodot.exe.0.dr Static PE information: section name: .retplne
Source: KyrazonGodot.exe.0.dr Static PE information: section name: .rodata
Source: KyrazonGodot.exe.0.dr Static PE information: section name: CPADinfo
Source: KyrazonGodot.exe.0.dr Static PE information: section name: LZMADEC
Source: KyrazonGodot.exe.0.dr Static PE information: section name: _RDATA
Source: KyrazonGodot.exe.0.dr Static PE information: section name: malloc_h
Source: ffmpeg.dll.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr Static PE information: section name: _RDATA
Source: KyrazonGodot.exe0.0.dr Static PE information: section name: .00cfg
Source: KyrazonGodot.exe0.0.dr Static PE information: section name: .gxfg
Source: KyrazonGodot.exe0.0.dr Static PE information: section name: .retplne
Source: KyrazonGodot.exe0.0.dr Static PE information: section name: .rodata
Source: KyrazonGodot.exe0.0.dr Static PE information: section name: CPADinfo
Source: KyrazonGodot.exe0.0.dr Static PE information: section name: LZMADEC
Source: KyrazonGodot.exe0.0.dr Static PE information: section name: _RDATA
Source: KyrazonGodot.exe0.0.dr Static PE information: section name: malloc_h
Source: libEGL.dll.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr Static PE information: section name: .retplne
Source: libEGL.dll.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr Static PE information: section name: _RDATA
Source: 7cf89e89-e232-4be6-be03-bf9b6e2d646b.tmp.node.8.dr Static PE information: section name: _RDATA
Source: d9f9fc66-7f94-42f9-8b98-870060ec1682.tmp.node.8.dr Static PE information: section name: _RDATA
Source: 2161a28d-0c48-4dca-9f47-1f165e01a4f4.tmp.node.42.dr Static PE information: section name: _RDATA
Source: 23e3f388-1762-4def-8c5b-98088df83663.tmp.node.42.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe Code function: 12_2_00405760 push eax; ret 12_2_0040578E
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File created: C:\Users\user\AppData\Local\Temp\d9f9fc66-7f94-42f9-8b98-870060ec1682.tmp.node
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\nsExec.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\libEGL.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File created: C:\Users\user\AppData\Local\Temp\2161a28d-0c48-4dca-9f47-1f165e01a4f4.tmp.node
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\ffmpeg.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\System.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\KyrazonGodot.exe
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File created: C:\Users\user\AppData\Local\Temp\7cf89e89-e232-4be6-be03-bf9b6e2d646b.tmp.node
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File created: C:\Users\user\AppData\Local\Temp\23e3f388-1762-4def-8c5b-98088df83663.tmp.node
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\ReadMe.txt
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\LICENSE.electron.txt
Source: C:\Users\user\Desktop\KyrazonSetup.exe File created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\ReadMe.txt
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
Source: C:\Users\user\Desktop\KyrazonSetup.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\d9f9fc66-7f94-42f9-8b98-870060ec1682.tmp.node
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\nsExec.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\libEGL.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2161a28d-0c48-4dca-9f47-1f165e01a4f4.tmp.node
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\System.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7cf89e89-e232-4be6-be03-bf9b6e2d646b.tmp.node
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\23e3f388-1762-4def-8c5b-98088df83663.tmp.node
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\KyrazonSetup.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe API coverage: 8.5 %
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\KyrazonSetup.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\KyrazonSetup.exe Code function: 0_2_00405768 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,0_2_00405768
Source: C:\Users\user\Desktop\KyrazonSetup.exe Code function: 0_2_004062A3 FindFirstFileA,FindClose,0_2_004062A3
Source: C:\Users\user\Desktop\KyrazonSetup.exe Code function: 0_2_004026FE FindFirstFileA,0_2_004026FE
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\locales
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules
Source: C:\Users\user\Desktop\KyrazonSetup.exe File opened: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts
Source: KyrazonSetup.exe, 00000000.00000003.1885538165.00000000050D6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tgab
Source: KyrazonSetup.exe, 00000000.00000003.1933863419.00000000007C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: om&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: KyrazonSetup.exe, 00000000.00000003.1885538165.00000000050D6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\KyrazonSetup.exe API call chain: ExitProcess graph end node graph_0-3181
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe API call chain: ExitProcess graph end node graph_12-3626
Source: C:\Users\user\Desktop\KyrazonSetup.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe Code function: 12_2_00406DDD LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,12_2_00406DDD
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\KyrazonSetup.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv | "C:\Windows\system32\find.exe" "KyrazonGodot.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe "C:\Windows\system32\find.exe" "KyrazonGodot.exe"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe /A:C "/F:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk" /T:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2364 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\where.exe where /r . data.sqlite
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1740 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Process created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2228 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist"
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\where.exe where /r . data.sqlite
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "c:\users\user\appdata\local\programs\kyrazongodot\kyrazongodot.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\kyrazongodot" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe c:\users\user\appdata\local\programs\kyrazongodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\shortcut.exe /a:c "/f:c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\kyrazongodot.lnk" /t:c:\users\user\appdata\local\programs\kyrazongodot\kyrazongodot.exe
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "c:\users\user\appdata\local\programs\kyrazongodot\kyrazongodot.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\kyrazongodot" --mojo-platform-channel-handle=2364 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "c:\users\user\appdata\local\programs\kyrazongodot\kyrazongodot.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\kyrazongodot" --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1740 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeProcess created: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe "c:\users\user\appdata\local\programs\kyrazongodot\kyrazongodot.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\kyrazongodot" --mojo-platform-channel-handle=2228 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\windows-shortcuts.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\BPMLNOBVSB.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\CURQNKVOIX.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\YPSIACHYXW.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\desktop.ini VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\CURQNKVOIX.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\GAOBCVIQIJ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\JSDNGYCOWY.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\JSDNGYCOWY.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\JSDNGYCOWY.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\NIKHQAIQAU.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\NWTVCDUMOB VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\NWTVCDUMOB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\ZTGJILHXQB VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Desktop\NWTVCDUMOB.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Desktop\RAYHIWGKDI.png VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Desktop\WUTJSCBCFX.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc\Applications VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc\Cookies\Google_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc\Browser Extensions VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc\Passwords\Google_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc\Discord Tokens VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc\Important Files VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\8488a434-1fc5-4133-b739-6e418d7388dc\Passwords\Microsoft_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Roaming\KyrazonGodot\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\package.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\windows-shortcuts.js VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\BPMLNOBVSB.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\CURQNKVOIX.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\JSDNGYCOWY.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\JSDNGYCOWY.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\NWTVCDUMOB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\WUTJSCBCFX.pdf VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\YPSIACHYXW.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Downloads\YPSIACHYXW.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\CURQNKVOIX.jpg VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\CURQNKVOIX.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\GAOBCVIQIJ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\LTKMYBSEYZ.docx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\MXPXCVPDVN.mp3 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Pictures VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\Documents\NWTVCDUMOB.xlsx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Applications VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Cookies\Google_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Applications VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Browser Extensions VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Cookies\Google_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Passwords\Google_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Passwords VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Discord Tokens VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Important Files VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Cookies\Google_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Passwords\Google_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Users\user\AppData\Local\Temp\a1b85b9a-05dd-4677-8ea9-2048d24632a6\Passwords\Google_Default.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\KyrazonSetup.exeCode function: 0_2_0040320C EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040320C
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe file Attributes Queried: C:\Users\user\AppData\Local\Discord
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe file Attributes Queried: C:\Users\user\AppData\Local\DiscordCanary
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe file Attributes Queried: C:\Users\user\AppData\Local\DiscordPTB
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe file Attributes Queried: C:\Users\user\AppData\Local\DiscordDevelopment
Source: C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe Directory queried: C:\Users\user\Documents
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation (1) | Windows Service (1) | Access Token Manipulation (1) | Masquerading (11) | OS Credential Dumping (1) | Security Software Discovery (1) | Remote Services | Email Collection (1) | Encrypted Channel (11) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1)
Credentials | Domains | Default Accounts | Command and Scripting Interpreter (12) | Registry Run Keys / Startup Folder (2) | Windows Service (1) | Access Token Manipulation (1) | LSASS Memory | Process Discovery (2) | Remote Desktop Protocol | Archive Collected Data (1) | Non-Application Layer Protocol (2) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | Native API (1) | DLL Side-Loading (1) | Process Injection (11) | Process Injection (11) | Security Account Manager | Remote System Discovery (1) | SMB/Windows Admin Shares | Data from Local System (11) | Application Layer Protocol (3) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Registry Run Keys / Startup Folder (2) | Deobfuscate/Decode Files or Information (1) | NTDS | File and Directory Discovery (13) | Distributed Component Object Model | Clipboard Data (1) | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | DLL Side-Loading (1) | Obfuscated Files or Information (2) | LSA Secrets | System Information Discovery (26) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | DLL Side-Loading (1) | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
[Behavior graph (image not included): Behavior Graph ID: 1489101, Sample: KyrazonSetup.exe, Startdate: 07/08/2024, Architecture: WINDOWS, Score: 68]

Source | Detection | Scanner | Label | Link
KyrazonSetup.exe | 18% | ReversingLabs | Win32.Trojan.Generic |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\KyrazonGodot\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\2161a28d-0c48-4dca-9f47-1f165e01a4f4.tmp.node | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\23e3f388-1762-4def-8c5b-98088df83663.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\7cf89e89-e232-4be6-be03-bf9b6e2d646b.tmp.node | 4% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\d9f9fc66-7f94-42f9-8b98-870060ec1682.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\KyrazonGodot.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\elevate.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\vulkan-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\SpiderBanner.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\StdUtils.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\nsExec.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\nsis7z.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | unknown
file.io | 45.55.107.24 | true | false | | unknown
discord.com | 162.159.135.232 | true | false | | unknown
oshi.at | 194.15.112.248 | true | false | | unknown
tempfile.me | 193.37.215.73 | true | false | | unknown
api.gofile.io | 51.38.43.18 | true | false | | unknown
zerostone.discloud.app | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://92.246.138.20/storage | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                unknown
                https://github.com/tensorflow/modelsKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://www.suitable.com/tools/smslib.htmlKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/KhronosGroup/SPIRV-Headers.gitKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?uKyrazonSetup.exe, 00000000.00000003.1934799027.00000000007CC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://www.apache.org/licenses/KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                https://chrome.google.com/webstore?hl=en-GB&category=theme81https://myactivity.google.com/myactivityKyrazonSetup.exe, 00000000.00000003.1934638566.00000000007CC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://nsis.sf.net/NSIS_ErrorErrorKyrazonSetup.exefalse
                • URL Reputation: safe
                unknown
                https://www.rfc-editor.org/rfc/rfc9562.html#name-example-of-a-uuidv7-valueKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://www.suitable.com/tools/smslib.html>KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/tensorflow/tflite-supportKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/tensorflow/tensorflowKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://www.webrtc.orgKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://blueimp.netKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                https://sqlite.org/KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/KhronosGroup/Vulkan-HeadersKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrlKyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/dominictarr/varstruct.gitKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/sponsors/ljharbKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://nsis.sf.net/NSIS_ErrorKyrazonSetup.exefalse
                • URL Reputation: safe
                unknown
                https://github.com/Cyan4973/xxHashKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/Maratyszcza/pthreadpoolKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://www.opensource.org/licenses/bsd-license.phpKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/sponsors/sindresorhusKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://www.ploscompbiol.org/static/licenseKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/google/xnnpackKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-coreKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://support.google.com/chrome/a/answer/9122284KyrazonSetup.exe, 00000000.00000003.1936778814.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937687612.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934910421.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936662750.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1937598463.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1934544289.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drfalse
                • Avira URL Cloud: safe
                unknown
                http://www.chromium.orgKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://www.unicode.org/copyright.html.KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://freedesktop.orgKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://re-becca.org/)KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://chrome.google.com/webstore?hl=zh-CN&category=theme81https://myactivity.google.com/myactivityKyrazonSetup.exe, 00000000.00000003.1937598463.00000000007CC000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drfalse
                • Avira URL Cloud: safe
                unknown
                http://ljharb.codesKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://www.rfc-editor.org/rfc/rfc9562.html#section-6.2-5.1KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://chrome.google.com/webstore?hl=zh-CNCtrl$1zh-CN.pak.0.drfalse
                • Avira URL Cloud: safe
                unknown
                https://developers.google.com/android/guides/setupKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/LiosK/UUID.jsKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/chalk/wrap-ansi?sponsor=1KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/KhronosGroup/Vulkan-LoaderKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://www.strongtalk.org/KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/SeleniumHQ/selenium/tree/trunkKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/uuidjs/uuid/pull/677#issuecomment-1757351351KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://gitlab.freedesktop.org/xdg/xdgmimeKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/blueimp/JavaScript-MD5KyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://opensource.org/licenses/MITKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                unknown
                http://cldr.unicode.org/index/downloadsKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://chrome.google.com/webstore?hl=zh-TW&category=theme81https://myactivity.google.com/myactivityKyrazonSetup.exe, 00000000.00000003.1937687612.00000000007CC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://source.android.com/KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/tensorflow/text.gitKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/google/ruyKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://polymer-library.polymer-project.orgKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/google/shell-encryptionKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/npm/wrappyKyrazonSetup.exe, 00000000.00000003.1937924115.00000000050E2000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://zlib.net/KyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/wasdk/wasmparserKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://int3.de/KyrazonSetup.exe, 00000000.00000003.1938061587.00000000007CF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://myactivity.google.com/zh-CN.pak.0.drfalse
                • Avira URL Cloud: safe
                unknown
                https://github.com/google/protobufKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYINGKyrazonSetup.exe, 00000000.00000003.1932544119.00000000050DF000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                unknown
                https://chromeenterprise.google/policies/#BrowserSwitcherUrlListKyrazonSetup.exe, 00000000.00000003.1937505732.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, KyrazonSetup.exe, 00000000.00000003.1936524133.0000000002F27000.00000004.00000020.00020000.00000000.sdmp, zh-CN.pak.0.drfalse
                • Avira URL Cloud: safe
                unknown
                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs
                IP | Domain | Country | ASN | ASN Name | Malicious
                194.15.112.248 | oshi.at | Ukraine | 213354 | INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB | false
                162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                193.37.215.73 | tempfile.me | Bulgaria | 44901 | BELCLOUDBG | false
                92.246.138.20 | unknown | Russian Federation | 8744 | MEGAMAX-ASNizhnyNovgorodRU | false
                45.55.107.24 | file.io | United States | 14061 | DIGITALOCEAN-ASNUS | false
                162.159.135.232 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
                172.64.41.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
                51.38.43.18 | api.gofile.io | France | 16276 | OVHFR | false
                Joe Sandbox version: 40.0.0 Tourmaline
                Analysis ID: 1489101
                Start date and time: 2024-08-07 00:06:08 +02:00
                Joe Sandbox product: CloudBasic
                Overall analysis duration: 0h 12m 4s
                Hypervisor based Inspection enabled: false
                Report type: full
                Cookbook file name: default.jbs
                Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Run name: Run with higher sleep bypass
                Number of analysed new started processes: 209
                Number of new started drivers analysed: 0
                Number of existing processes analysed: 0
                Number of existing drivers analysed: 0
                Number of injected processes analysed: 0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode: default
                Analysis stop reason: Timeout
                Sample name: KyrazonSetup.exe
                Detection: MAL
                Classification: mal68.spyw.winEXE@302/101@10/8
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 46
                • Number of non-executed functions: 43
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 142.250.81.227
                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes were analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                • VT rate limit hit for: KyrazonSetup.exe
                Time | Type | Description
                18:07:16 | API Interceptor | 12x Sleep call for process: KyrazonSetup.exe modified
                23:07:31 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                194.15.112.248Order._1.exeGet hashmaliciousAsyncRAT, Babadeda, PureLog Stealer, zgRATBrowse
                  uVQLD8YVk6.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                    W73PCbSH71.exeGet hashmaliciousLummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoaderBrowse
                      162.159.61.3https://appdownload.deepl.com/windows/0install/deepl.xmlGet hashmaliciousUnknownBrowse
                        Sensitive Document-61038-4303IVA.pdfGet hashmaliciousUnknownBrowse
                          https://u21400890.ct.sendgrid.net/ls/click?upn=u001.ZENAnSo5cFx5DxuDu-2FHuvadAcLRIQDcgkSJz-2Bjqz3HjCX08qqHDVgbTaQzva-2BN-2FYuNlWNsvlQDG1teDHfohKOhwjtHSnClVsxAsoebZ6uGMQ11YzY-2FjOkY3fO-2FBfCGCQtOSNjhlGOLB7kr5W0tkFViFapF4uyYxGvGElpApxHU0I1-2F8LmdG8kd0-2Fbei0oZZR6fv2OtB6cvyfWjsjKaQ-2BhZg50kMgetE2Y7GDUwvFGzXieKZkqNgnc77gOQN86GXaYuSz-2BR4JNBLnqNZYgqEd1gcgqg6aYDz-2FnGtw6IeBw7b75dJ6t9I-2BDDby3vI3GVDGWRqMKoKcMZVrK-2BcAJVSDsVt2bkI2KMp3tGi3WrqD-2FEy2BwpAhVM-2FGo2yNO5U-2BtA9ONVH6KmoQeASFW6uHBSMLiTKzQhtnH3U-2FUo8D8-2B2weF59QYxv9qhdMvzHbI2dslKeOLp6Ue7PvtAkqvCRaxGHNdyzEGMNseHFr5myORUlBqPm-2B-2BJp2QJkSFJgB7SZeiqXQ-2Bkl-2FrA-2F08S-2FKDyBcFI1jWxPpnmYouKp757cQdZ9StqHc-2B-2BnBI2fC3ljpPYCMz1n9WLUho1cGYGVTQDkRPAcq5-2FzizJtgdLoITO4DZRIMJAPCDt-2FUo182dVmk2pD1nHbHxsKSjMM6xYqKoAQ5uAnEiMJvunLCg-2FjKt1yhqPDV1VMzcStp197Em08HDtdfloTjLuWoRl1fTho8D3-2F7MnKg-3D-3DxV1V_GVdTVisepyi0Aw01b0BRD-2BKSCtNBh-2B1tF5T5rfe7wEFD9AdIExlXXw89p-2F-2Byorq-2BFOV9pQEyXLEDSYLC4mATCquXR1OzjoT9n2eSoXSfmIc49wMCwcxwgXGx3RCdcwbz2Qd6dMj98BM7RoQp8iPlFDQ1gR9BA1qx3HwpmS9sH-2BbSRz81nL8dhMY-2FRlffYnknGBsfL10bsj2vt-2Fn-2Fi3TIYDr-2BIw-2BpJVw8wG5OwFYSRmh6RcAEe-2BcwVvfRnOs4LNBsW1ZfLs-2Ft692nraZCpclt74wRG2OCsXpfkbuGxj0b3uHEL4XC4RzPh5yGzwa4Wqr3q2Ch3N-2FQKUvyn6XsTsCXU99OdXiixmlN7AlRAyGxCY9aRkAbToB1pSTqqfptQTS07adfBscAWDry7W6Hne4tscD2A68WDDv016mZz9aZEAFoqT3wxqOA69WDB7PJI7J58b62hIuDluPiCxsMOwUxjQJB8dOwcxOeIgtCHLY6K-2BKNfSryskU0xNGl4b7bJKKDr6t-2BIR4ztkWmVyhc7egxU-2BRgg1Jk8zLObZDrNt8FemsmoRhUdvq-2FHVqcQd-2BoO-2BlktrVyvw9G09s5fNk1OWpbw8C8lwvrRO-2B4uRM4L-2FTIi-2F1GuXcTt8cUWe7YB1m-2FwDXqpc3fi4zFi-2BX3EP6K-2Fh0PJ4NXMZs6aJGqb9m1S9l4-2FXoe0ckcUyOO7xlfnjAUvIygp3c6-2FYihjTp5XDMQ5N0IeeA72O0-2BTz1EqEFebLbTOMUCwPx8KdyJkdAe-2B2JBUYILjLyYc-2BznIDw-2FhNM4baeajh4-2BNRQgJLMS-2FUJmJDp2BFO4-2ByLsVMEsUA65tw-2BD1YhEjgi-2FW3xKSC7O2lFiIIU29w-3D-3DGet hashmaliciousUnknownBrowse
                            354NzNzXLC.exeGet hashmaliciousUnknownBrowse
                              354NzNzXLC.exeGet hashmaliciousUnknownBrowse
                                SecuriteInfo.com.HEUR.Trojan.Script.Generic.5591.10617.exeGet hashmaliciousUnknownBrowse
                                  SecuriteInfo.com.HEUR.Trojan.Script.Generic.5591.10617.exeGet hashmaliciousUnknownBrowse
                                    sorto.exeGet hashmaliciousAmadey, Babadeda, Stealc, VidarBrowse
                                      random.exeGet hashmaliciousBabadedaBrowse
                                        193.37.215.73TamenuV11.msiGet hashmaliciousUnknownBrowse
                                          92.246.138.20TamenuV11.msiGet hashmaliciousUnknownBrowse
                                          • 92.246.138.20/storage
                                          LO-Installer64x.exeGet hashmaliciousUnknownBrowse
                                          • 92.246.138.20/decrypt
                                          LO-Installer64x.exeGet hashmaliciousUnknownBrowse
                                          • 92.246.138.20/victim
                                          45.55.107.24qqgv6uKJOd.exeGet hashmaliciousUnknownBrowse
                                            E5wbN5MIkS.exeGet hashmaliciousUnknownBrowse
                                              Zoom_cm_fo42mnktZ3vvrZo4_mcxLWKARIBTqAZMiXhNcPdK2XiaXQbbYgVC8@wuMpXMIo-d3UZAye.exeGet hashmaliciousClipboard HijackerBrowse
                                                Zoom_workspace.htaGet hashmaliciousCobalt Strike, Clipboard HijackerBrowse
                                                  zrpPKBbxN0.exeGet hashmaliciousClipboard HijackerBrowse
                                                    qqgv6uKJOd.exeGet hashmaliciousClipboard HijackerBrowse
                                                      E5wbN5MIkS.exeGet hashmaliciousClipboard HijackerBrowse
                                                        Zoom_cm_fo42mnktZ3vvrZo4_mcxLWKARIBTqAZMiXhNcPdK2XiaXQbbYgVC8@wuMpXMIo-d3UZAye.exeGet hashmaliciousClipboard HijackerBrowse
                                                          TamenuV11.msiGet hashmaliciousUnknownBrowse
                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                            discord.comLauncher.exeGet hashmaliciousPython Stealer, Stink StealerBrowse
                                                            • 162.159.136.232
                                                            https://ipfs.io/ipfs/bafkreihautmmzqkuyabmbht3wi6czre2h5vr2nu626geog3db3d5676rma?filename=Session.htmlGet hashmaliciousUnknownBrowse
                                                            • 162.159.135.232
                                                            https://ipfs.io/ipfs/bafkreihautmmzqkuyabmbht3wi6czre2h5vr2nu626geog3db3d5676rma?filename=Session.htmlGet hashmaliciousUnknownBrowse
                                                            • 162.159.136.232
                                                            zamPeEkHWr.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                            • 162.159.138.232
                                                            IDLBk4XMUa.exeGet hashmaliciousBlank Grabber, Umbral StealerBrowse
                                                            • 162.159.138.232
                                                            sc7Qi5VdE1.exeGet hashmaliciousXmrigBrowse
                                                            • 162.159.128.233
                                                            II.exeGet hashmaliciousXmrigBrowse
                                                            • 162.159.128.233
                                                            WireGaurd.exeGet hashmaliciousUnknownBrowse
                                                            • 162.159.135.232
                                                            http://dc.tensgpt.com/branding/Get hashmaliciousUnknownBrowse
                                                            • 162.159.128.233
                                                            file.ioZoom_workspace.htaGet hashmaliciousCobalt Strike, Clipboard HijackerBrowse
                                                            • 45.55.107.24
                                                            https://pullcom.sharefile.com/d-s9f647cf107ba4fd2915e09639d521617Get hashmaliciousUnknownBrowse
                                                            • 13.224.189.90
                                                            TamenuV11.msiGet hashmaliciousUnknownBrowse
                                                            • 51.91.7.6
                                                            file.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, SmokeLoaderBrowse
                                                            • 31.14.70.245
                                                            FpiUD4nYpj.exeGet hashmaliciousLummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRATBrowse
                                                            • 31.14.70.245
                                                            e9ddd60081c3e01d049dc4d5ed5f150afc27ffbbdb8b6adf558fa677ad8875dd_dump.exeGet hashmaliciousLummaC, AsyncRAT, Go Injector, LummaC Stealer, SmokeLoader, VenomRATBrowse
                                                            • 31.14.70.245
                                                            file.exeGet hashmaliciousLummaC, Go Injector, LummaC Stealer, SmokeLoaderBrowse
                                                            • 31.14.70.245
                                                            Setup 3.0.0.msiGet hashmaliciousUnknownBrowse
                                                            • 51.91.7.6
                                                            LisectAVT_2403002A_392.exeGet hashmaliciousNovaSentinelBrowse
                                                            • 45.112.123.126
                                                            Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                            No context
                                                            Match: C:\Users\user\AppData\Local\Programs\KyrazonGodot\d3dcompiler_47.dll
                                                            Associated samples:
                                                            • Filename: Setup.exe, Detection: malicious, Threat Name: Unknown
                                                            • Filename: UnifyX64.exe, Detection: malicious, Threat Name: Unknown
                                                            • Filename: UnifyX64.exe, Detection: malicious, Threat Name: Unknown
                                                            • Filename: WorldWars.exe, Detection: malicious, Threat Name: Unknown
                                                            • Filename: WorldWars.exe, Detection: malicious, Threat Name: Unknown
                                                            • Filename: TamenuV11.msi, Detection: malicious, Threat Name: Unknown
                                                            • Filename: TamenuV5.2.exe, Detection: malicious, Threat Name: Unknown
                                                            • Filename: TamenuV5.2.exe, Detection: malicious, Threat Name: Unknown
                                                            • Filename: LisectAVT_2403002A_375.exe, Detection: malicious, Threat Name: Unknown
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):172671488
                                                                              Entropy (8bit):6.736653382610154
                                                                              Encrypted:false
                                                                              SSDEEP:1572864:q3lB0RhDP7igv6wO+HkaN/xtpj56BZWua2T3jC0gqhd07YeRt6C1Bd1jKoUeKtQk:/Pvt1x2z5m1ij
                                                                              MD5:EEB12AAC1FF31A9D17BA437700CAF9D6
                                                                              SHA1:09AEDF44E30437BE57326C61570BE52930B0F001
                                                                              SHA-256:BD4E25E01DE9EC86B4B55BDE68A59F196BA4AD2F0889F3CAF761A6D548027DD5
                                                                              SHA-512:566F12212B7A3CA1AD1184BD0CB6DF9552A4600BE36FA0C9632681A68C6FEA20068A09E160C404AB31468448DB10308E6B2C3424515F02E5C25EC7BF2F250F02
                                                                              Malicious:true
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):135642
                                                                              Entropy (8bit):7.916363227461705
                                                                              Encrypted:false
                                                                              SSDEEP:3072:tezwJCGIekwf9W2bg3yhPaL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:tezw1Iek+42k3yMK18Gb0OV8ld0GecQJ
                                                                              MD5:A0E681FDD4613E0FFF6FB8BF33A00EF1
                                                                              SHA1:6789BACFE0B244AB6872BD3ACC1E92030276011E
                                                                              SHA-256:86F6B8FFA8788603A433D425A4BC3C4031E5D394762FD53257B0D4B1CFB2FFA2
                                                                              SHA-512:6F6A1A8BFE3D33F3FA5F6134DAC7CD8C017E38E5E2A75A93A958ADDBB17A601C5707D99A2AF67E52C0A3D5206142209703701CD3FAB44E0323A4553CAEE86196
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):195396
                                                                              Entropy (8bit):7.94178165609805
                                                                              Encrypted:false
                                                                              SSDEEP:3072:ADQYaE/N6Mrvy/3JP29W2bg3yhPaafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+y:ADQYaSN6svyd242k3yxgx5GMRejnbdZR
                                                                              MD5:C37BD7A6B677A37313B7ECC4FF01B6F5
                                                                              SHA1:79DB970C44347BD3566CEFB6CABD1995E8E173DF
                                                                              SHA-256:8C1AE81D19FD6323A02EB460E075E2F25ABA322BC7D46F2E6EDB1C4600E6537A
                                                                              SHA-512:A7B07133FA05593B102A0E5E5788B29488CB74656C5EE25DE897C2BA2B2A7B05C0663ADE74A003F7D6DF2134D0B75F0AD25E15E9C9E0969E9453B7FC40B9F8BB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):4916712
                                                                              Entropy (8bit):6.398049523846958
                                                                              Encrypted:false
                                                                              SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                              MD5:2191E768CC2E19009DAD20DC999135A3
                                                                              SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                              SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                              SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Joe Sandbox View:
                                                                              • Filename: Setup.exe, Detection: malicious
                                                                              • Filename: UnifyX64.exe, Detection: malicious
                                                                              • Filename: UnifyX64.exe, Detection: malicious
                                                                              • Filename: WorldWars.exe, Detection: malicious
                                                                              • Filename: WorldWars.exe, Detection: malicious
                                                                              • Filename: TamenuV11.msi, Detection: malicious
                                                                              • Filename: TamenuV5.2.exe, Detection: malicious
                                                                              • Filename: TamenuV5.2.exe, Detection: malicious
                                                                              • Filename: LisectAVT_2403002A_375.exe, Detection: malicious
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):2887680
                                                                              Entropy (8bit):6.7090688959107
                                                                              Encrypted:false
                                                                              SSDEEP:49152:9F5qb84KtStWEK/Ju2lf3tAtiLHQVTf6yfcrhCHDXLl8+0LKSQUSCu:9FvSkJXv+tiLAD0+DUS5
                                                                              MD5:208E7AF956A0803900125BDC11A3ECF2
                                                                              SHA1:1BD84174194485DA634BF8B3AF0A78E236316A8E
                                                                              SHA-256:D863C8A26744703F2D12C674B45C87D8B34E21EFCE169D4797B57964D168B077
                                                                              SHA-512:76937999A21391107D9EBCFD66C7A2CA967CC7CAC7AEB2B15BBECA6B546423A3D5C83969EF151C95D916D5A9F653573CD59D05110566D52A5C2679059C4D4EC3
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):10717392
                                                                              Entropy (8bit):6.282534560973548
                                                                              Encrypted:false
                                                                              SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                              MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                              SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                              SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                              SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):140288
                                                                              Entropy (8bit):6.055411992765344
                                                                              Encrypted:false
                                                                              SSDEEP:3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
                                                                              MD5:04BFBFEC8DB966420FE4C7B85EBB506A
                                                                              SHA1:939BB742A354A92E1DCD3661A62D69E48030A335
                                                                              SHA-256:DA2172CE055FA47D6A0EA1C90654F530ABED33F69A74D52FAB06C4C7653B48FD
                                                                              SHA-512:4EA97A9A120ED5BEE8638E0A69561C2159FC3769062D7102167B0E92B4F1A5C002A761BD104282425F6CEE8D0E39DBE7E12AD4E4A38570C3F90F31B65072DD65
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):1892864
                                                                              Entropy (8bit):6.574510854408502
                                                                              Encrypted:false
                                                                              SSDEEP:49152:lVtIA1xRrGLYLn9M+BMPPivsICK9rzoNEqt:7tH4X3inMZt
                                                                              MD5:66A65322C9D362A23CF3D3F7735D5430
                                                                              SHA1:ED59F3E4B0B16B759B866EF7293D26A1512B952E
                                                                              SHA-256:F806F89DC41DDE00CA7124DC1E649BDC9B08FF2EFF5C891B764F3E5AEFA9548C
                                                                              SHA-512:0A44D12852FC4C74658A49F886C4BC7C715C48A7CB5A3DCF40C9F1D305CA991DD2C2CB3D0B5FD070B307A8F331938C5213188CBB2D27D47737CC1C4F34A1EA21
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):140288
                                                                              Entropy (8bit):6.055411992765344
                                                                              Encrypted:false
                                                                              SSDEEP:3072:94PTD6FEzMju6bzJKjpEPeTOKvJhEnww+YbRYvPuq:94jQju6b9KilKvJurR8W
                                                                              MD5:04BFBFEC8DB966420FE4C7B85EBB506A
                                                                              SHA1:939BB742A354A92E1DCD3661A62D69E48030A335
                                                                              SHA-256:DA2172CE055FA47D6A0EA1C90654F530ABED33F69A74D52FAB06C4C7653B48FD
                                                                              SHA-512:4EA97A9A120ED5BEE8638E0A69561C2159FC3769062D7102167B0E92B4F1A5C002A761BD104282425F6CEE8D0E39DBE7E12AD4E4A38570C3F90F31B65072DD65
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                              Category:modified
                                                                              Size (bytes):2688
                                                                              Entropy (8bit):6.983676321301564
                                                                              Encrypted:false
                                                                              SSDEEP:48:9aOlOFmFnZYpjng0tOeS+c8Su2+2Y9JbwXn2PFv9ulOK5nucw0eOHWeucC:ZcFm3YtOeSPuiEWGtv9eHnukH2eub
                                                                              MD5:0B97ECFC42FE081C77B079AEA591D29D
                                                                              SHA1:3FFA1704D0D4F847E8AF9CFA6C065DE20182788A
                                                                              SHA-256:9E77E23657E761F53BD693389B784863FD9475C9A05BAC48C6511437F221F6D2
                                                                              SHA-512:EEB5AB9B46BBD5DDF842094C1C168BFE4AC19F76241346D05C37604F13CB63B1FF7FF38F179CB9592F370749D4E59EFE3711074932BD1283FB30AC4C02B84739
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:ASCII text, with very long lines (522)
                                                                              Category:dropped
                                                                              Size (bytes):3308
                                                                              Entropy (8bit):5.836762246327351
                                                                              Encrypted:false
                                                                              SSDEEP:96:7TJfocO2joccRhocZ8bJocofo3owoUv3uoNoWbooBoIo1Xp6oNsADoqwPoAcvsA9:Bj0RT2gJ
                                                                              MD5:9CA2464D1CCB91DE27CE8CCB2A71226B
                                                                              SHA1:B3105F3090B0783517A670F5A7200044E04BE8B1
                                                                              SHA-256:4740FCC5D200692A093002F2B530CFA4C44508E10454CEFC494682D9A57EB8B8
                                                                              SHA-512:9AAE4D487F3F4CB7E295A5A5EFE906FF977F3338D95D4797535EB05733B98EC46FE0A9A84859ADC06E4711EDD20FA9442E927D93616F98BA2541170D42BF18E6
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                              Category:modified
                                                                              Size (bytes):2688
                                                                              Entropy (8bit):6.983160067910897
                                                                              Encrypted:false
                                                                              SSDEEP:48:98yOFmFnZYpjng0tOeS+c8Su2+2Y9JbwXn2PFv9ulOKJJucgDOPW0ucI:GFm3YtOeSPuiEWGtv9eHJu2O0uF
                                                                              MD5:340F334A4177704FD341319BD0E2A5F6
                                                                              SHA1:3059036D3B18D7216D0DE4EE18D6721AA42727E4
                                                                              SHA-256:3CB06481052D609E1014A91E30852D575C022F524C45637AD756059D479DCC49
                                                                              SHA-512:94B58513D51D6326737DEF9E39B268E7683C6DD167EB9015FD332B86D401B1A5A7169C6D9CB80E6C66A755814936578EED808EC00151E2CFCB28D35D94A76FA7
                                                                              Malicious:false
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):1892864
                                                                              Entropy (8bit):6.574510854408502
                                                                              Encrypted:false
                                                                              SSDEEP:49152:lVtIA1xRrGLYLn9M+BMPPivsICK9rzoNEqt:7tH4X3inMZt
                                                                              MD5:66A65322C9D362A23CF3D3F7735D5430
                                                                              SHA1:ED59F3E4B0B16B759B866EF7293D26A1512B952E
                                                                              SHA-256:F806F89DC41DDE00CA7124DC1E649BDC9B08FF2EFF5C891B764F3E5AEFA9548C
                                                                              SHA-512:0A44D12852FC4C74658A49F886C4BC7C715C48A7CB5A3DCF40C9F1D305CA991DD2C2CB3D0B5FD070B307A8F331938C5213188CBB2D27D47737CC1C4F34A1EA21
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):172671488
                                                                              Entropy (8bit):6.736653382610154
                                                                              Encrypted:false
                                                                              SSDEEP:1572864:q3lB0RhDP7igv6wO+HkaN/xtpj56BZWua2T3jC0gqhd07YeRt6C1Bd1jKoUeKtQk:/Pvt1x2z5m1ij
                                                                              MD5:EEB12AAC1FF31A9D17BA437700CAF9D6
                                                                              SHA1:09AEDF44E30437BE57326C61570BE52930B0F001
                                                                              SHA-256:BD4E25E01DE9EC86B4B55BDE68A59F196BA4AD2F0889F3CAF761A6D548027DD5
                                                                              SHA-512:566F12212B7A3CA1AD1184BD0CB6DF9552A4600BE36FA0C9632681A68C6FEA20068A09E160C404AB31468448DB10308E6B2C3424515F02E5C25EC7BF2F250F02
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):1096
                                                                              Entropy (8bit):5.13006727705212
                                                                              Encrypted:false
                                                                              SSDEEP:24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
                                                                              MD5:4D42118D35941E0F664DDDBD83F633C5
                                                                              SHA1:2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
                                                                              SHA-256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
                                                                              SHA-512:3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
                                                                              Malicious:false
                                                                              Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:HTML document, ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):9227221
                                                                              Entropy (8bit):4.785730097444693
                                                                              Encrypted:false
                                                                              SSDEEP:24576:cpD6826x5kSWSsRinoHnmfm646a6N6z68SH4SApTJ:cHSek
                                                                              MD5:2675B30D524B6C79B6CEE41AF86FC619
                                                                              SHA1:407716C1BB83C211BCB51EFBBCB6BF2EF1664E5B
                                                                              SHA-256:6A717038F81271F62318212F00B1A2173B9CB0CC435F984710AC8355EB409081
                                                                              SHA-512:3214341DA8BF3347A6874535BB0FF8D059EE604E779491780F2B29172F9963E23ACBE3C534D888F7A3B99274F46D0628962E1E72A5D3FC6F18CA2B62343DF485
                                                                              Malicious:false
                                                                              Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title">Credits</span>.<a id="print-link" href="#" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may use, copy, modify this code for any purpose
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):135642
                                                                              Entropy (8bit):7.916363227461705
                                                                              Encrypted:false
                                                                              SSDEEP:3072:tezwJCGIekwf9W2bg3yhPaL2o418Gb0+VRLf0ld0GY3cQ3ERVm2I:tezw1Iek+42k3yMK18Gb0OV8ld0GecQJ
                                                                              MD5:A0E681FDD4613E0FFF6FB8BF33A00EF1
                                                                              SHA1:6789BACFE0B244AB6872BD3ACC1E92030276011E
                                                                              SHA-256:86F6B8FFA8788603A433D425A4BC3C4031E5D394762FD53257B0D4B1CFB2FFA2
                                                                              SHA-512:6F6A1A8BFE3D33F3FA5F6134DAC7CD8C017E38E5E2A75A93A958ADDBB17A601C5707D99A2AF67E52C0A3D5206142209703701CD3FAB44E0323A4553CAEE86196
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):195396
                                                                              Entropy (8bit):7.94178165609805
                                                                              Encrypted:false
                                                                              SSDEEP:3072:ADQYaE/N6Mrvy/3JP29W2bg3yhPaafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+y:ADQYaSN6svyd242k3yxgx5GMRejnbdZR
                                                                              MD5:C37BD7A6B677A37313B7ECC4FF01B6F5
                                                                              SHA1:79DB970C44347BD3566CEFB6CABD1995E8E173DF
                                                                              SHA-256:8C1AE81D19FD6323A02EB460E075E2F25ABA322BC7D46F2E6EDB1C4600E6537A
                                                                              SHA-512:A7B07133FA05593B102A0E5E5788B29488CB74656C5EE25DE897C2BA2B2A7B05C0663ADE74A003F7D6DF2134D0B75F0AD25E15E9C9E0969E9453B7FC40B9F8BB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):4916712
                                                                              Entropy (8bit):6.398049523846958
                                                                              Encrypted:false
                                                                              SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                              MD5:2191E768CC2E19009DAD20DC999135A3
                                                                              SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                              SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                              SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):2887680
                                                                              Entropy (8bit):6.7090688959107
                                                                              Encrypted:false
                                                                              SSDEEP:49152:9F5qb84KtStWEK/Ju2lf3tAtiLHQVTf6yfcrhCHDXLl8+0LKSQUSCu:9FvSkJXv+tiLAD0+DUS5
                                                                              MD5:208E7AF956A0803900125BDC11A3ECF2
                                                                              SHA1:1BD84174194485DA634BF8B3AF0A78E236316A8E
                                                                              SHA-256:D863C8A26744703F2D12C674B45C87D8B34E21EFCE169D4797B57964D168B077
                                                                              SHA-512:76937999A21391107D9EBCFD66C7A2CA967CC7CAC7AEB2B15BBECA6B546423A3D5C83969EF151C95D916D5A9F653573CD59D05110566D52A5C2679059C4D4EC3
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):10717392
                                                                              Entropy (8bit):6.282534560973548
                                                                              Encrypted:false
                                                                              SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                              MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                              SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                              SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                              SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                              Malicious:false
                                                                              Preview:Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):488960
                                                                              Entropy (8bit):6.346910910503449
                                                                              Encrypted:false
                                                                              SSDEEP:6144:38hd1BSjuMmof2SEXVVfgV8hxN7h2NwIEOg51f0FticyQ:38DXSjZmof2SEsmN12NwIE7f0FticyQ
                                                                              MD5:1B74F7E2B5D44AC10A89A5CF206630A8
                                                                              SHA1:DD2E816E315B6A6A271FB01DC12163D9936C77C4
                                                                              SHA-256:662746A02930C151C5CAB2B1167A56C6CA78B44028448FDA91182147856EDFED
                                                                              SHA-512:246814E5FC157CF731E3EC3E1096922864B48A36CC5B1E5259EBD2E673FDE5DC741AD600F69CD80E1544EE12438F7CC6F208ADD894B5E02AC5E2C87D0B3933A8
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):7617024
                                                                              Entropy (8bit):6.483264228465234
                                                                              Encrypted:false
                                                                              SSDEEP:98304:AwY1sQqaLe2Egto8U4r5Pp6TlITQZ38W888888888tb8dii:vNaSgtvroZ8
                                                                              MD5:596379BA25B32E95B5EC3CD8028B291B
                                                                              SHA1:AF61B5D29DB91997E29FFED8A410D09CE74EE51E
                                                                              SHA-256:D5E1D7B8531A0F4AB576BA6F78D4C63B39186A2830D313C6695F0024C9EF627A
                                                                              SHA-512:F8835B455820C77B4BA509C326A185BF65131242161498229C5E3584A0E7789324932B95678556A657440DEAF067EAD454E85BF8233EFA24162E7E4D9EAF417B
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):457927
                                                                              Entropy (8bit):5.4171857958645475
                                                                              Encrypted:false
                                                                              SSDEEP:12288:/cqYYWk0o+wZiSMKVQ2uM2Z12JynA7PIrfsdgSTCSQ2fs37KQOb5t/tn6A/HiaHU:ynk0ofMSMaTuM2Z12JynA7PIrfsdgST4
                                                                              MD5:917A688D64ECCF67FEF5A5EB0908B6D4
                                                                              SHA1:7206B01BBC3FD8CC937DB9050DD8AC86CF44D8CC
                                                                              SHA-256:6981249837AD767FC030EDC8838878A5E493FB08CC49982CFFAED16CFBEB564D
                                                                              SHA-512:195DBEC8463CF89990232296C5C927E1501F0C2E01A7BE7C6A6ACAE651853CE1EDB23D639AF65979B39A3C61979119C3A305ACFA3AADF0CB93E241C5E57F4534
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):744722
                                                                              Entropy (8bit):4.880240690992002
                                                                              Encrypted:false
                                                                              SSDEEP:12288:LMlGLQXTZou76VIx2TERZ3ej5dMNzLY5S9ZSVrBO0Pcx30jH8+F:Lc9XTZsVIxJRZuj5dMNzLY5S9ZSVrBOg
                                                                              MD5:3CFD7C5BB92AB72C63E003208A9E4529
                                                                              SHA1:165D2F69AB6A6E237F0FEC943B5577123CEFEA87
                                                                              SHA-256:12E9E1BEC1C46E5EA706157726E17A4429ACF288A5754FA183BD9B4CF7D3853B
                                                                              SHA-512:CD7C7837D758EA66ABC871503CDA6FE99FF45990405E60C1133E7C1F4CB29EE69723C9558BB2D3ECCB42948DA57351F4F095062616686AB2E255ACD3C86236F0
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):813209
                                                                              Entropy (8bit):4.897933532023867
                                                                              Encrypted:false
                                                                              SSDEEP:12288:EyBYh5/N/RaWH4gzWvwU5Twikcb5uNi3+D2qeTT:E3aR/5D+M
                                                                              MD5:3C2AB7363018DB1F20B90ACBC305CB4C
                                                                              SHA1:60B9CF453178AD0E60FAF20D137A0C7EABDE65C9
                                                                              SHA-256:3CA47B9C436723F837A53B2904B51EFDF13AB6CAD2F3EF4FE48A1115847ECCBF
                                                                              SHA-512:589BEB3E95E93F30341933C9B9826210E6BF3E9C1AD8F113D9D8A98FA5A526F81E454EE3357FB55D60D67A4890CE33E964BA2FA810E1771A6B7E82746492313A
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):848303
                                                                              Entropy (8bit):4.65032463396985
                                                                              Encrypted:false
                                                                              SSDEEP:24576:T3ChsqKaElYMdAs1axUjHh373Zj93aAK5kVDgQwRunpKd2ao57JqueRSnQFwN/6B:TChsqKaElYtUjHh373Z53a1kVDgQw1dn
                                                                              MD5:A69F6075863D47B564A2FEB655A2946F
                                                                              SHA1:062232499FF73D39724C05C0DF121ECD252B8A31
                                                                              SHA-256:A5EB7038ED956BAD7704A722F05691474FF709DFFBAD92B8E31DBB869AD58334
                                                                              SHA-512:930CE3938AA02A8BCC609A64BD86B7E6164D63BAAD157A980FD079859A6BEE5DB87BD1F7A74A71108F8368BC9C6154BF14A2DBA1ABF269F572BC262614BCF1DB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1094739
                                                                              Entropy (8bit):4.273606074036768
                                                                              Encrypted:false
                                                                              SSDEEP:3072:PAUxhq6CLf6bXs8iQ2Zc2EadKZ0ZfQ0/QeIyTtPukkBBbpUDDM5JiXldW:4K46CjYYZ82IypPubBbf5IlI
                                                                              MD5:D43CE80DDCA3FAB513431FA29BE2E60A
                                                                              SHA1:3E82282E4ACFEC5F0ACA4672161D2F976F284A0C
                                                                              SHA-256:87670FF2CEB1EBC38FCE2C3B745AC965F3DE5DE3133D99ED33933A8F3E99D874
                                                                              SHA-512:1D33CA9BACB91EF328F89A14777A704000BF30FE59AA1CBBBFF34D8BAD266C98D78C9E411E289E834E76EB721DD98934426A565CD5B3436D5A103ABE37F7612A
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):515554
                                                                              Entropy (8bit):5.412339344998089
                                                                              Encrypted:false
                                                                              SSDEEP:12288:KhBp7kcELygV3z5PAF4N3Mw2juwHzejm0t3lvq8E9oCRaIs3cmlLEY2CJkEydROC:Khh4V8RPS9lMN4MZRg5P56iq
                                                                              MD5:2D30C5A004715BC8CD54C2E21C5F7953
                                                                              SHA1:FED917145A03D037A32ABAC6EDC48C76A4035993
                                                                              SHA-256:D9C45D55A9A5661063B9BBEBB0615DE8F567F3925D04FD10938DA9617C6220E0
                                                                              SHA-512:B3803551F53D290D8839789F829AFC9C1E12052C81BA20D5E01FB3D2BACD5D1E97BD4C05074322EED17FDEC04C9176C655076FAEC8A3AEF17C39FB999E0C1FCF
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):530593
                                                                              Entropy (8bit):5.852935430786663
                                                                              Encrypted:false
                                                                              SSDEEP:12288:ljXB+Hdo1ryvJvtQW5EK8VPDNOQ3SCmPs:ljXwHO1uvJ195EK8V5ObCmPs
                                                                              MD5:06E3FE72FDC73291E8CF6A44EB68B086
                                                                              SHA1:0BB3B3CF839575B2794D7D781A763751FE70D126
                                                                              SHA-256:397134D1834F395F1C467A75D84EF2E8545CB0F81E94DBE78B841FBBDAAD802D
                                                                              SHA-512:211594C30AD4F5CA8813596B59751168C60DFA0D13F24F2AA608FCE82D21C2DE3DE69FE007C4BDE1602DA8AA7EA81EC0F15E173ABC1224362C36B493B425B425
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):479902
                                                                              Entropy (8bit):5.456625778597649
                                                                              Encrypted:false
                                                                              SSDEEP:6144:+luvzrGLXfBlzV0qV5cU3sVEs7a7wlTwUJwa7obRR2vJub51NrXBDUd4JTGqfwI:+HbzszaoQR5rrBTpz
                                                                              MD5:1939FAA4F66E903EAC58F2564EEB910E
                                                                              SHA1:BACE65EE6C278D01CCF936E227E403C4DFF2682D
                                                                              SHA-256:0B9DA7BD6531A7EBE7D8188B320C0953ADCFBAF654037F8265261A12E63D3C87
                                                                              SHA-512:51588D2FE724E6C407724EA6F46883DED39397AF744EFFAF672F75952A6A734E61E93E59F446080317F2A2B3FA1B45E7405F90FE0B226C44C9F3DD9A4E130A87
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512832
                                                                              Entropy (8bit):5.50981730028679
                                                                              Encrypted:false
                                                                              SSDEEP:6144:Vsu6moWkxlRnY43K7UpHa63gXya/nOdxIHa3AnO1a265QM5GR6mszMRQI2Cga:VsU4e43K7UpxgCaPoCwM5Vmv2Cga
                                                                              MD5:2163820CD081FDD711B9230DC9284297
                                                                              SHA1:C76CC7B440156E3A59CAA17C704D9D327F9F1886
                                                                              SHA-256:6D787033C94755CC80C187ED8A9DE65808BB4D7968354BBB94B7868AC2E8D205
                                                                              SHA-512:920FA2A10F7AA7F1F6D911FE2A77EDED0384617D8FD863943AFD99A584DAB3FB2EA3E5D2E20BCA529689A99FDF303912007F2918C62482D8A90194A810F6E535
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):929418
                                                                              Entropy (8bit):4.738354677437668
                                                                              Encrypted:false
                                                                              SSDEEP:24576:ovf5YcXPdGgx11hxi9c9N+JXDsSYSmqHMuD2fpoLwj3BAVH8+VdQ5tNDQo32Etfd:2f5YcXPdGgx11hxi9c9N+JXDsSYSmqHe
                                                                              MD5:A14D8A4499A8B2F2F5908D93E2065BF7
                                                                              SHA1:1473A352832D9A71C97A003127E3E78613C72A17
                                                                              SHA-256:EB46D9860835B69D33B2583D1E52B20238B666B967BF00906424E3C8A161ED64
                                                                              SHA-512:427271D12590F8EA3F11B83E4C0CE79C55C289573C5F6E5C70C789B28A5181F295A3C9B1A4BDD1F731F338E6EDB1E06318EA6410CEAC546128A84FF8F2EC0B40
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):418411
                                                                              Entropy (8bit):5.526282387769971
                                                                              Encrypted:false
                                                                              SSDEEP:6144:A8iCFs0mZ2dXipvrIQoqbh7GMP9eRT/LfaY1+/845prSQBE0RbhU:AJCyeXipvrI7IGMuT/7o5ZSsU
                                                                              MD5:9D9121BDC9AF59B5899CE3C5927B55D8
                                                                              SHA1:568626A374CD30237C55B72C74B708DA8D065EC1
                                                                              SHA-256:F4D45CCC89834376F35D4D83FE5B2D5112B8CC315FCB03228720749AAE31C805
                                                                              SHA-512:149A8ACF256DC12F62706F72AD8EC88CBFDF7F8DC874BCD9FACF484CDB00E7C5787F5E1BBC12B5BBE1B19B6524E7E8A1C7DBA2838ABEB9AAFA3CE89795FD22AE
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):421711
                                                                              Entropy (8bit):5.516302021610083
                                                                              Encrypted:false
                                                                              SSDEEP:6144:MOoiE2KSqdBEuUu6/9meKMP9e7X9ifaY3yzq5J7SKn0F/lOSwH:n5EC2B4bKMwX9cj5hSwSwH
                                                                              MD5:626F30CFD9AD7B7C628C6A859E4013BD
                                                                              SHA1:02E9A759C745A984B5F39223FAB5BE9B5EC3D5A7
                                                                              SHA-256:0FD74BB69AD35B3F9391FA760BF0EB0EE73D2BEA0066244577EF2ABD269513DE
                                                                              SHA-512:9CE902F21FEF70C5B5AF444B532B36C9A00D896878CB4021C9B1DC07AA3277D956BCA65EE0ADB68467EEC113E535B60A8A5FB5414C7D0CA761CEAE5C43B7D9A9
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):508230
                                                                              Entropy (8bit):5.385230992997236
                                                                              Encrypted:false
                                                                              SSDEEP:3072:iEsyQDjcRy2VdU1P2BCA6bKVjnE4rHOniSb8p5Yl+lblmwoab5uIay5LlZi+SLFv:iEsyQvt2ECiOX3p5YWm85wLFaoImYA
                                                                              MD5:6F4613A4A88AF6C8BD4EF39EDEEE3747
                                                                              SHA1:C8850A276D390DF234258D8DE8C6DF79240C8669
                                                                              SHA-256:8F7B8776E61E3ED5AA33B1A571AC834653B54B12A499D956B95D567B7E1BA987
                                                                              SHA-512:E5933DCB2AAAA2018BA8B13F4AF3DC8A950640AC60ACB1B56AD6DE24541701D0FFC1F4CB28C7932AF924BFD673EDCEE20BF649156AB95EA9499EC43C703EA141
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):507855
                                                                              Entropy (8bit):5.361522715042697
                                                                              Encrypted:false
                                                                              SSDEEP:6144:NPKK+SmGmQaXDFY1+hM03GgDE7pF+E8y1l4Fj05fYrK3osSl6PZjHu:ZKKDmXXDdq01ap4y1lEj05Qr0osTO
                                                                              MD5:A24E01A4947D22CE1A6ACA34B6F2A649
                                                                              SHA1:750C2550465C7D0D7D1D63AD045B811B4A26DC55
                                                                              SHA-256:848D422BE1B8FAE74786ED6D6DFA7DD2E97B798B4A9BA1D929085E425B2A54E0
                                                                              SHA-512:02FC4CE96AA523EBC204243BBEC3347B09CB20BCC0BA66CF9532A6FB26C48F7F2396BBB833F1916F8F081FFC9C6CD2DE07315E66C5115042A0B44270FA4468C1
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):460480
                                                                              Entropy (8bit):5.4631405749616855
                                                                              Encrypted:false
                                                                              SSDEEP:6144:2Ve10hVbtjvP4cCJ1ONRCOeP+sEmThFC0jmFohH4fSpY0lgtim0DM5Oju43sPZCo:+eQtjvP4cnre/tHmFoh99M5Oj+x
                                                                              MD5:82A07B154CB241A2EBE83B0D919C89E9
                                                                              SHA1:F7ECE3A3DA2DFB8886E334419E438681BFCE36CF
                                                                              SHA-256:84866CCAF2EC39486F78E22886BEF3FE75C1EB36E7A7C071471040E12018DB28
                                                                              SHA-512:07319D155BDF9E27762ECB9EF6871430BEF88B1AF129450EB65AA798EBAA4E02B25B0CF9BDE3B12FF1B04A3D14241569B73D6AF895D2E85DD7B24D393E7317E9
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):756165
                                                                              Entropy (8bit):5.0211117057378845
                                                                              Encrypted:false
                                                                              SSDEEP:12288:DCD38/+r28u313uyqoe+slXcfqEdvRmXzoT4WmdAQifaQ2XxFHGk62BtMX9OxRdn:DCDo+r28u313uyqoe+seqIvRmXzoT4Ws
                                                                              MD5:C770CFB9FBABDA049EB2D87275071B54
                                                                              SHA1:20E41B1802C82D15D41FADAF3DCD049B57891131
                                                                              SHA-256:DAE7E7C87026CD4E8A4CD813CC71DEF32C86ED47865CE6DA5383B66B7021C5BC
                                                                              SHA-512:CDA117A60C853F12ADE579C34FCE22D992B33DF1F5001A237767B6E642D5C775C3387BCEE05D6557FE5A2F6235F93258954A697D3B9812D2550C4801869F4751
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):470482
                                                                              Entropy (8bit):5.425789814492222
                                                                              Encrypted:false
                                                                              SSDEEP:6144:K+2JevEiMD19i//8e36bwFh20RtrZs6TIOEysaI9LL59YWyHrE5WacpoPWmMWO4C:K+9Hs19S/rKJam59YdHrE5WaipKYn
                                                                              MD5:FE011231BBC8B3A74652F6A38F85BC88
                                                                              SHA1:2B851E46738D466B3A5A470DE114D15051B6EB6B
                                                                              SHA-256:7A3249514585491EB47FE4B579EDC27CCC48761E7AD6BC11D113B257132C5DD2
                                                                              SHA-512:2A4E5C1409347B4B514556C81EF32C8AE118ADD28E3469717B13045C8424FED9B817C7988629050ED3E732E0CDCA181891B6A8B9E64E4C8D65F004D7C8DB9796
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):531993
                                                                              Entropy (8bit):5.200104622437094
                                                                              Encrypted:false
                                                                              SSDEEP:6144:VJPfDjGZPitD/ty3DQZIbpiWFevNnGFZ338mC5oVms68ARrq8:VhGAodn7C5Sm7
                                                                              MD5:7354DE570C8132723C8E57C4CCB4E7C4
                                                                              SHA1:177780FAF460E3C8A643A4D71C7A4621345A8715
                                                                              SHA-256:91149190C856195FB330605686ACF09C7197E5B7EFE37FE2A7C76BB8FB08CC89
                                                                              SHA-512:A8487A6A7FD46D62E78CA4262DE49E12C120268561EE61A642C45EFA48116EDEBEB40CF9E8BE229DB0BBF06BB6B5457CC54399A08EE6A603E5540EF5CA482798
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):550280
                                                                              Entropy (8bit):5.387288883804832
                                                                              Encrypted:false
                                                                              SSDEEP:12288:V06pImfHXFZLiQphDDq6QuaMV5wKzvOtXDZ/MYnYtgLXfyzEi5Qx0JSWkv40wCns:VNfqsVaC5WK
                                                                              MD5:D8B4BC789A0C865FB0981611FB5DCDBC
                                                                              SHA1:33F9F03117F0BBA56A696F2FA089BA893EE951A2
                                                                              SHA-256:52AA0A18ACE6347B06A89E3851A1B116812C022DBE41DA8942278878B5409CEE
                                                                              SHA-512:58D19E5A3C68C901FA2A0C327A45B410AB9B9E6C39298DB48EED25345453DCE1A4633AFE6277CF53ED558E160065B89C0E38A32CAECED47E79783DBDA4D74F26
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1074089
                                                                              Entropy (8bit):4.312676397057413
                                                                              Encrypted:false
                                                                              SSDEEP:3072:QIEt+9TXuSm4vSDnlrjqy5HIwjAwREJKVMjNiT7llj63rFWlPvpMi5eQWiYJ+WRc:QIEtYXuLUKlrjTa4/WP5c4h6vFX
                                                                              MD5:225167DBDF1D16B3FAFC506EB63F6D1D
                                                                              SHA1:8651B77F41E3C5B019CCB124A7C8F6449A04B96C
                                                                              SHA-256:FF379DD77136B9B85E7E9FCB5B261ACE9C6D9184AF3BA2DEA35B1757B9BAB6D9
                                                                              SHA-512:A353D36A87B6608578816056647DE45A456F9012D399B2CB5CB7B9DE867A370FCAF1A90D293F367B9B678D13991294425ABD85CF77E971AFA0D3E9C316952115
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):661497
                                                                              Entropy (8bit):4.632075612159233
                                                                              Encrypted:false
                                                                              SSDEEP:12288:9xsskchOxS28YeqhCdrNGmnSWqo/IQXOl60pACDXbheQCap125nVwo9Ps5plm7oM:9Bk7g5Wof
                                                                              MD5:D8320B09C1E138B00655DB0802687BCA
                                                                              SHA1:01616BDA6B22C70D5C6440B7451AE736EB1336CB
                                                                              SHA-256:E3336668AAD9AD661E7F589F1A405B9C95FC771261CDF9328ACA88F4BE763374
                                                                              SHA-512:5A91596D7E82DC3D692083AE45AFF6FDBDDD08CA17F49A020E0769F98C4218B6C9CD31E54524473B7CDCCBEBF4D7A7F0FF23B5075A1E1ADA5CC35C3FD0172BED
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1128743
                                                                              Entropy (8bit):4.289393956482131
                                                                              Encrypted:false
                                                                              SSDEEP:3072:CaaJyCmCd3RTaIEDOGV/BB0ZV1dsuOlRLXW3XHij0TByntDPtDlSp1s4u/8WLw3k:aQDa3RTaISOOz5j5thGM
                                                                              MD5:9E1788B0F3E330BAF2B9356A6C853B20
                                                                              SHA1:A2F4B37A418669E2B90159C8F835F840026128D9
                                                                              SHA-256:C640313E10E985A58D16F928D2428AE278421A070D948733AC68FDF7312090FD
                                                                              SHA-512:B9A577E084F8DAEB53FAD0A9423661C99CAB272125899A16B0B052606A2CB88F823137F3A21B5C06B10E0235321B7FACA84CD759BF406FB2DD02C2F598E92CB5
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):512611
                                                                              Entropy (8bit):5.519796392618245
                                                                              Encrypted:false
                                                                              SSDEEP:3072:3byA6gCM6By7Nv7vr7hA8aBV08Iouo+wvxr0Xcp/AikOSAqb+HicHE0uP1P4NUFn:Ahwxfh+cwJPwd75or76l/4c
                                                                              MD5:AF7AEC4B45EAD620463B732E16F63E47
                                                                              SHA1:E6838C56B945C936FDB87389FDC80CDF7BC73872
                                                                              SHA-256:BFEEAFE2F8A9F797D20C4209181C4768FBEA4A61FF2DC1F57F6CD18BC872FC13
                                                                              SHA-512:784FF8DC6011883E931B4B8371E5ADA960120931BFDF24F81648F5092FA31DB1D03E5D3CF5CD16D57EA7FB7877BB25A28533085AB42BFE40DC25CA7D9CEE7ADE
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):551843
                                                                              Entropy (8bit):5.644800761543747
                                                                              Encrypted:false
                                                                              SSDEEP:6144:0sTpI7ceE8WnOL42HPs2P0Ar7ky1XB5VwFZfpadYGDuU1gGse33a5gRFxztGateg:0spI7Y8WQ+AXB5VwAtj/3a5t+D
                                                                              MD5:B93BEEB1E35A29B310500FA59983F751
                                                                              SHA1:45C0B2CAB4C4A820CFC2AED4B7236DDC79A0DB00
                                                                              SHA-256:BAB09C3CB80130A4A288642633C2B31AB08B1757466D9A468BC36D276079F002
                                                                              SHA-512:249DE5B8BD7C4755CAA8B9552254D353B0D885B63BD5F7C6C8E29B3F4E447C9E8D6C0E88D5AABA0B898AA26880592B3904E19CA4797A2AC1DD757AAEE782C37C
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):454027
                                                                              Entropy (8bit):5.384059218448116
                                                                              Encrypted:false
                                                                              SSDEEP:6144:f91C6s7szabK6s1o8Jf+eVnjHF26miZ0FZ58VhrwkK5R3SzP7IEji40Hf:fu7Bu6F85VnjHFXmM0b58VhAf
                                                                              MD5:BC719B483F20E9A0B4B88969941C869D
                                                                              SHA1:4D926A9ABA7C350E9DA8AA570A9F52534C81AA88
                                                                              SHA-256:F175E58BE47B228803AA32D2695E2FCFAF4655B65B96FB6B539B3E59593E6799
                                                                              SHA-512:DDF6108888676C1A90865DAAA88198B681B685D9047B0E10F5AA08DAA39A628A84732A8518606176529297BEC51CE8BC39E910EEFFC8B88E9585FAFB694C35DB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):501266
                                                                              Entropy (8bit):5.293951985847116
                                                                              Encrypted:false
                                                                              SSDEEP:6144:ZckXLmyax92+fMiMNDYISIqRRRsO1StBWRT9Tjex6qipELqbPpzHi9fLwsQ2nbwb:iWmhH6mZD28HG4KUw05klot
                                                                              MD5:AB160B6E8BBABA8F8BDE7E2D996F4F2E
                                                                              SHA1:EB7EAE28A693337B8504E3E6363087B3B113BC72
                                                                              SHA-256:E86BA661B3F6F7ECD2312FE90B873330C0D6516A5501A0F326875844E8D4B289
                                                                              SHA-512:14E8919E2F5A7AD2B3F310FFEC590B221E6E0DC45F37EFC57FF9B8FF7A3CA674D6F4B9BD65E49A98AF6726FA953F2168E5C8E6101ED977E8C7FF4A51203F8D4D
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):613077
                                                                              Entropy (8bit):5.6866751137991765
                                                                              Encrypted:false
                                                                              SSDEEP:6144:a1AxTSuPJmsKRC/uGsDKNJL+iCrtZKQ2xM6bU5B7YxVD:a2xYsKRC2GsDa9StZKQ2xM75B7m
                                                                              MD5:DEE9626A8D7CACC7E29CFF65A6F4D9C3
                                                                              SHA1:5C960312F873AB7002ED1CCE4AFDB5E36621A3CE
                                                                              SHA-256:63AD3974BAA8C160BA30448171F148D008AC19E80010FB13D3A65CF411B67AE0
                                                                              SHA-512:EE80D58886F4AC378D6491E075062C171A715AF7C42DD1785952B25A572381ACD722764E8BE914ADBFCCF2A5FA4A51968B989B632EEFB9D636851F1B8FFB82E1
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1231605
                                                                              Entropy (8bit):4.220671500631487
                                                                              Encrypted:false
                                                                              SSDEEP:12288:UNHCRmR6fkA6GjYQnbY25l67c5qBUic+E+htyR:UNiRmR6Lr5mUJ
                                                                              MD5:32E5F528C6CEE9DE5B76957735AE3563
                                                                              SHA1:74A86191762739D7184B08D27F716CFA30823A98
                                                                              SHA-256:CD297F7E872B34E63CA2D98DC2FA79085E8A2985BA8757601E4B901A3F30B013
                                                                              SHA-512:92D100B1289E63FD0DC65657FB4B1E16F298735E6CD066E9122D04E3B79E0D286F15FC9F1DA2C3A05AF528B92BDE95FCFBC493C466DB2D94A0749ADFBF7FB8D5
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):517250
                                                                              Entropy (8bit):6.059093259094021
                                                                              Encrypted:false
                                                                              SSDEEP:12288:Bv+8Jr3zNRTuTjXcq+t8OQ4EVh3IKACqX5K7GGZ+8BtPq7hUomrOedlO:x+8BWm5H86alO
                                                                              MD5:38A95D783D627E9A83AD636FAA33C518
                                                                              SHA1:CB57E8E9EF30EB2B0E47453D5EC4F29CEA872710
                                                                              SHA-256:0D9B23E2981412D11ECEA3ADE8D521A073802D9431C39D72B88F62B98E50A96B
                                                                              SHA-512:4119B8F82107473C941C9E10B6BAE97D60C9C47570CC2B40F429A95F4F5CCA77EECBACD7023AF439429026F6E55AD9DF19998C8B98BE0D04D384B310D025C0DC
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):556374
                                                                              Entropy (8bit):5.6329747097065646
                                                                              Encrypted:false
                                                                              SSDEEP:12288:ciW9XReMAg80mI963AS56ziarWCB56SNU:xAAMVL7S5Xa6CBW
                                                                              MD5:3E9119A712530A825BCA226EC54DBA45
                                                                              SHA1:10F1B6BF2FA3A1B5AF894D51B4EB47296C0DBC36
                                                                              SHA-256:3DA531A9A5870315823E74B23031CB81379D2D94AE9894A7FB1D8A8AD51A2DA9
                                                                              SHA-512:765C872CAFA1B266575B0CAC09DFA796CDB860BD82E1C657397FE2AADA11771F306B0A1776E4D66FF41E94B153C812592430F31E7B1FF97ABE7D8E6B96D321F1
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):553985
                                                                              Entropy (8bit):5.628621633625195
                                                                              Encrypted:false
                                                                              SSDEEP:6144:E4wNRkfYqooJw9bJ28DZyJxyNGtVF2tPlz7c4YbUSZbb3n5nygN9E9J5gosRyEAS:Okxw5P8iplzw4XkXn5vE350ypO19
                                                                              MD5:E75CDDA386DD3131E4CFFB13883CDA5F
                                                                              SHA1:20E084CB324E03FD0540FFF493B7ECC5624087E9
                                                                              SHA-256:AE782F1E53201079CA555BAA5EC04B163188E5161242D185F04A606A49FC8C0D
                                                                              SHA-512:D27BC61028031946ED6708918F921C3D681C8962B8D5507A91AB6576E3B2C462524E550305DB87EDE886E41FB0E49EDEC2D84CDBBAD675282105627E01D98BF5
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1281970
                                                                              Entropy (8bit):4.255584378467937
                                                                              Encrypted:false
                                                                              SSDEEP:12288:+okD5/VA2cMmsbbAxqInxblD/xn9mMRTAr6DuhQA+tHxy3ewh+5qR7dCds/fv38C:aPzqzXry3e75qR7qs/X3X
                                                                              MD5:6E96EDDFE80DA6AAA87F677FEEF4D1D6
                                                                              SHA1:8A998785D56BC32B15CEE97B172CD2DCDC8508D9
                                                                              SHA-256:E2FB73353AB05EB78F9845BDBDF50B64C9FB776B7F08948F976FE64E683397C4
                                                                              SHA-512:FEEA11DFC6EC153AB903B5828306617EEDEEE19DAA73BD046AE47757795FECB9ABCE6192BB3A9561AAACE7FC85EE442057B93081C6C986855B819FD38815E6F7
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1052914
                                                                              Entropy (8bit):4.286050307210063
                                                                              Encrypted:false
                                                                              SSDEEP:3072:3P5UK/LY0rHXWjViQm0vLJuVXrMHwrNf3FaMUCyGR93RkR3bntOubz1hzudmHwfZ:xUCY8qA0pJvC3SGINa5/pC7t2
                                                                              MD5:FDA40999C6A1B435A1490F5EDCA57CCD
                                                                              SHA1:41103B2182281DF2E7C04A3FFF23EC6A416D6AA9
                                                                              SHA-256:0EBB125A0BDFD1E21B79914CA8E279790D41F7BAC35BF2D031DD7981F1C1C056
                                                                              SHA-512:666CEB24D2E568A00A77512295E224A6545BF6ABCFA19C93AA823DB5330117FCB39FDE570E7601DBD41976950C3EC03634F89FC5D9203357515E6651AB0B6D32
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):476479
                                                                              Entropy (8bit):5.251439262040867
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):463564
                                                                              Entropy (8bit):5.426692701465118
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):477660
                                                                              Entropy (8bit):5.368696736425329
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):534366
                                                                              Entropy (8bit):5.77011996675953
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):502496
                                                                              Entropy (8bit):5.42724876798731
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):503874
                                                                              Entropy (8bit):5.406123541333513
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):522785
                                                                              Entropy (8bit):5.459461998642662
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):856355
                                                                              Entropy (8bit):4.826212670448168
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):539514
                                                                              Entropy (8bit):5.818959197750725
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):518515
                                                                              Entropy (8bit):5.490293083588063
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):799241
                                                                              Entropy (8bit):4.749887536690665
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):465621
                                                                              Entropy (8bit):5.545518715933861
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):490754
                                                                              Entropy (8bit):5.340013612557628
                                                                              Encrypted:false
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1268483
                                                                              Entropy (8bit):4.035580260221202
                                                                              Encrypted:false
                                                                              SSDEEP:6144:GeTVtPcVpmT9Yvh54P5TzotR1cA25tm1vYpiMyy:nViVITqzy5TzccA25tm1vYpiMyy
                                                                              MD5:5F80C9DA0C09491C70123581A41F6DAD
                                                                              SHA1:3FC9560A954271CF09AAA54EEC34963C72C06E85
                                                                              SHA-256:30658D99D753946E9C9C02094C89BE25B710DB77251DF6CD1A8839C29DE5F884
                                                                              SHA-512:072C5DB7FE1EB9E6C270D0E9B439CF84EBB3DC374D4F01F01F9341030883F2D6D9C6970FB6EF14BF96FCCB51EADE9CA762F396F89BA1D3DF1230DDA68557FD4A
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):1173901
                                                                              Entropy (8bit):4.287514680628642
                                                                              Encrypted:false
                                                                              SSDEEP:12288:/jAoZvA07McKNnCRWtgd49+agb0DQWp5B63p1Fm6OiTlC2pFg+NFqUZrOIoXAoIm:s5G35xM/1
                                                                              MD5:17B858CF23A206B5822F8B839D7C1EA3
                                                                              SHA1:115220668F153B36254951E9AA4EF0AA2BE1FFC4
                                                                              SHA-256:D6180484B51AACBF59419E3A9B475A4419FB7D195AEA7C3D58339F0F072C1457
                                                                              SHA-512:7B919A5B451EC2BA15D377E4A3A6F99D63268E9BE2865D674505584EED4FA190EAAE589C9592276B996B7CE2FDFAE80FDA20FEFF9EA9ADBB586308DFD7F12C2A
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):987501
                                                                              Entropy (8bit):4.326923937635645
                                                                              Encrypted:false
                                                                              SSDEEP:12288:OgFN2HN9LyZYA1T6z1L/LLftDjsAnILwgv1V5UBGsL3fBj8BlzEdq3Ro9lGdI9uN:OgFYdK5J5j
                                                                              MD5:4917873D8118906BDC08F31AFB1EA078
                                                                              SHA1:49440A3B156D7703533367F8F13F66EC166DB6E9
                                                                              SHA-256:D051B400096922089F6DAA723FAC18C9640BA203B2879AAC4CA89B05738DD32D
                                                                              SHA-512:30E6446BAD54B86BE553FA293C7A92EC221ADB54B99624ED69702DF75347A98697158041A45F77ECE4E7ED0FDA41306EF21EB27981F24F0A4E42E8306175A88E
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):501122
                                                                              Entropy (8bit):5.618531845968946
                                                                              Encrypted:false
                                                                              SSDEEP:6144:tgGjoIj9GAb0GKPRquxFX7gFZ7yMqPO4ppXHG42ge+54n/R+Pi1c2vdTAMTw/KUX:tgGHgo0G0RqU8wZHGe54n/C
                                                                              MD5:55E06CD9356D0FB6F99932C2913AFC92
                                                                              SHA1:AA5C532DDB3F80D2F180AD62CE38351E519A5E45
                                                                              SHA-256:AFCBF02420DC724059F70D1DC6FFA51F5DD75136D9E1E8671D92D5D14955EDF9
                                                                              SHA-512:813C180CB1AA205034497BE5FC8A631FF117E5ED17CDF0AC59B7569D74D849B385852A15BBADD3146F942C58BAB80D94BF0980D13CA4B4424D1CB1DF0CB1A2CD
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):856077
                                                                              Entropy (8bit):4.859457960004309
                                                                              Encrypted:false
                                                                              SSDEEP:12288:8Jzdfzlw5Cgnbz/T0hoaiJITt5eB3IjeAjmEFIOuHLNiXEqqbo3/d:KdfhAw56EL
                                                                              MD5:381CB33C2D4FD0225C5C14447E6A84E0
                                                                              SHA1:686B888228F6DD95ADE94FEE62EB1D75F3E0FC93
                                                                              SHA-256:C2A6B16ABEAB6E18276BC1636555E93218763B9C99CACD0B42481B35E3A11820
                                                                              SHA-512:F7A2828AA4CD85F07A5D66832F247F70951ABF34F81A282DC41EC51875BA70D940353D010B605C56CC59BEE47309AA311099D4E6EBD17F3C1538521D0CDDF4B6
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):749985
                                                                              Entropy (8bit):5.130337183789155
                                                                              Encrypted:false
                                                                              SSDEEP:12288:W2U9cmoa5DD8P4WrDD6yACLUj5DDPEFYW7BYcQYriwadcJKwUxuvco/9NjjFpvxR:1a8G5bWp
                                                                              MD5:861FFD74AE5B392D578B3F3004C94CE3
                                                                              SHA1:8A4A05317A0F11D9D216B3E53E58475C301D7EA5
                                                                              SHA-256:B9F22A23368BF1E21F3085583ECB775CCE8045176721FF6AE798B06BD2810DBC
                                                                              SHA-512:52EDE35B7ED1FB6E51B18E450B95C3245D326F2AFDA646E3642EE68B714DCF9A726AFE32E2759E9EA87A104F4A59E6FC2C60B3275AAD8332AE1C626231E6747B
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):592944
                                                                              Entropy (8bit):5.79362677638915
                                                                              Encrypted:false
                                                                              SSDEEP:12288:9t12XV1+crwJ2roEw/aBuIZgsHXW0YYEDOr9g/C508jUmBnAi9wziMHQmwtm4:L12XX+crwJ2iaLZgsHG0Y3C508ImCi9v
                                                                              MD5:4076D3C0C0E5F31CF883198C980D1727
                                                                              SHA1:DB51B746216EA68803C98D7C1A5A2B45944359F3
                                                                              SHA-256:F1458C4CE4CA708E849EB0C68A5157360EF003F3A9C95628D5CA12ADA303B379
                                                                              SHA-512:80E4E960218F7D84423124C34352251411BAF008E821A344A0B6C2E7F1483694010F28B7DE21C7E2C69ABB4EC92E0D9CBDDEED6279B90C47245F4CBC500CDB77
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):428244
                                                                              Entropy (8bit):6.66612560644761
                                                                              Encrypted:false
                                                                              SSDEEP:6144:rnmNoByFw9qnvdNzuIaG/7C5ccJu7kzDg5CJTNY6BoHHulW:r2oBew9qvfz/aJ5ccJuAg50TNY6BoT
                                                                              MD5:3210460A24F2E2A2EDD15D6F43ABBE5F
                                                                              SHA1:608FF156286708ED94B7AE90C73568D6042E2DBD
                                                                              SHA-256:0F8D42D7F0B0B01AAFAD6AE79F0BD0CA518B2DB94287B09DF088BC093F15F605
                                                                              SHA-512:F97427DBA4217E01A7ED395C453D03DDA4F2258CBA589258DA0EACFDE427BF442CDDEF541A23E7782914433E70A9623E904A5070DEBA9F9D50DDA20732EB5E86
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):424179
                                                                              Entropy (8bit):6.677156018886683
                                                                              Encrypted:false
                                                                              SSDEEP:6144:svATQ4LawqVPkG49+J+k2i2iurW4hcv50Ynzq1TfAyn7zeGTs:sY/2mG4+CW4hcv50YnzeNn7I
                                                                              MD5:F466116C7CE4962FE674383D543C87F6
                                                                              SHA1:F65BF0DC1F1B15C132674FB8FF540F7D2AFE1D6E
                                                                              SHA-256:FF3A294FD1AFB1FA7AAF53FBC4396643A12ED132633C5C86F14C16B88FA94A7B
                                                                              SHA-512:4851A08069FCAC75E4051E53D4526789BFE6C393AB963E8263803BBF6E96CB150E9BA741650EFB5EE500E8A757D8512EB17DC268CEC1AB6FD3ACFAC62F7DA27D
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):5483537
                                                                              Entropy (8bit):7.995680005569416
                                                                              Encrypted:true
                                                                              SSDEEP:98304:+APFNXMmWPVctFCZcSENQjxh1Z/p6uNXrwrXRVunEVvXjAfz3hIkrT7s:+APFNXMddCM0Ghz/xpkrX2nEVvXGqkXA
                                                                              MD5:E2088909E43552AD3E9CCE053740185D
                                                                              SHA1:24B23DD4CAD49340D88B9CB34E54C3CA0EB0D27F
                                                                              SHA-256:BBA36D4D18D64D9627F54C54FD645C5BA459D25A59ACC5228210BD707AEF67FD
                                                                              SHA-512:DCEFACDDEC38D8941C7D2D7B971B6F22DD0ACB4116E48891D1D48A4D88968DA12B152CCB7591715C88F8E14C315E235D1C4E6852CC38B9246091C50226900DE6
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):17041510
                                                                              Entropy (8bit):6.741922775873898
                                                                              Encrypted:false
                                                                              SSDEEP:196608:bh/UcimDsWQkfOOXsW59ehUtHHwtJpQBx:tILjOc0yUVGQD
                                                                              MD5:279351B702C1333465BE3ED423601AE9
                                                                              SHA1:83BEE35945FE133B9D51F43BCAA6C306032C93E4
                                                                              SHA-256:4C44C2BFD9892D4E93FE3D5D51A162D3C05347707E94D8A3808C314993BC8D2A
                                                                              SHA-512:8892B44E0E8CFD8188AF5EBAB0E58A84C04BDCA5A87BFA7EE01DED14E659D77A40129A7B93601236B862754684BB54229AEFDA4B8614D6E1F3709B4D459E29F5
                                                                              Malicious:false
                                                                              Preview:....x@..t@..m@..{"files":{"node_modules":{"files":{"@gar":{"files":{"promisify":{"files":{"LICENSE.md":{"size":1094,"integrity":{"algorithm":"SHA256","hash":"ef7d10c21fe01e47a90973abda734e9be75162e5f561a84e95c5dcb9adbb89ea","blockSize":4194304,"blocks":["ef7d10c21fe01e47a90973abda734e9be75162e5f561a84e95c5dcb9adbb89ea"]},"offset":"0"},"index.js":{"size":967,"integrity":{"algorithm":"SHA256","hash":"a4fe100eb176ab95328881fe9490ac91e72d3d2992ac7fb2b9562d264156a8a3","blockSize":4194304,"blocks":["a4fe100eb176ab95328881fe9490ac91e72d3d2992ac7fb2b9562d264156a8a3"]},"offset":"1094"},"package.json":{"size":440,"integrity":{"algorithm":"SHA256","hash":"8012d0cdd159557951b1cb6e25177feb5e6f01d007f09adacf897335db41be99","blockSize":4194304,"blocks":["8012d0cdd159557951b1cb6e25177feb5e6f01d007f09adacf897335db41be99"]},"offset":"2061"}}}}},"@isaacs":{"files":{"cliui":{"files":{"LICENSE.txt":{"size":731,"integrity":{"algorithm":"SHA256","hash":"2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):2068
                                                                              Entropy (8bit):5.069793714252897
                                                                              Encrypted:false
                                                                              SSDEEP:24:xdI5XxNvisJtb8yxRBkfh4E6dwpoXT8+bSOavNO27NOHjoJOI4spo+kpRiYTRHX:jOhNvierxRBkfWipoXTStJ60usi+k+gX
                                                                              MD5:7DD3BDF130A37BCD5E7DE4CF642150E1
                                                                              SHA1:9CBF17699F354BA7213202E5510C770DE077BA49
                                                                              SHA-256:34CCBDFCBB0B54AE4DB54D50D12C0B923AB1B8F485FF93C9C2F64FE3FB574F12
                                                                              SHA-512:35761D3536B6441DAB32E6394880915239A862E2E98C60E88A261887438BC308652776EB507775CF93D4B45050AC1CDE2E5CCF2088F494EA2AACE88F3A48DB1A
                                                                              Malicious:false
                                                                              Preview:.Shortcut [Version 1.11]..Creates, modifies or queries Windows shell links (shortcuts)...The syntax of this command is:..Shortcut.exe /F:filename /A:C|E|Q [/T:target] [/P:parameters] [/W:workingdir]. [/R:runstyle] [/I:icon,index] [/H:hotkey] [/D:description].. /F:filename : Specifies the .LNK shortcut file.. /A:action : Defines the action to take (C=Create, E=Edit or Q=Query).. /T:target : Defines the target path and file name the shortcut points to.. /P:parameters : Defines the command-line parameters to pass to the target.. /W:working dir : Defines the working directory the target starts with.. /R:run style : Defines the window state (1=Normal, 3=Max, 7=Min).. /I:icon,index : Defines the icon and optional index (file.exe or file.exe,0).. /H:hotkey : Defines the hotkey, a numeric value of the keyboard shortcut.. /D:description : Defines the description (or comment) for the shortcut... Notes:. - Any argument that contains spaces must be enclosed in "double
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):57344
                                                                              Entropy (8bit):4.777530479814042
                                                                              Encrypted:false
                                                                              SSDEEP:768:p8AcstBy9afhyO45SqNf/mmjVrqvn84Bhbrqtuv:p5csny9TVheqhQn8Igt+
                                                                              MD5:59375510BDE2FF0DBA7A8197AD9F12BB
                                                                              SHA1:B7AEF73FD5C9610860E2F3F6A3B8A21CB6873261
                                                                              SHA-256:74CD07EF186D995AD75A0C2A153D1DD6F7B563987F5AA0FEFEF0A095708C02DD
                                                                              SHA-512:EAA013B4885A4F05E998366317FE5BC46B7057C1F29653004787B0A6C40B445728A8EC63D0FA577E56293C34A27B508B7CC17A7A6AC95DE3C42541A51ECD12CC
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:ASCII text
                                                                              Category:dropped
                                                                              Size (bytes):4634
                                                                              Entropy (8bit):5.188773568132433
                                                                              Encrypted:false
                                                                              SSDEEP:96:9TZeep5yuqi1CMzUucscpvqZMhhqYouHmGSGAs4BNOpAwSqjcOaUYR2INdIvcEW/:9TZePGCMzUlHpCuSSHmGFA7BUpAKjcYM
                                                                              MD5:6A189C41A3363A8AE600243C952EDB05
                                                                              SHA1:15980EBB621ED3936B2BCCDF7F2C3294D57219E5
                                                                              SHA-256:ACC3C7E29780AEE7923B101855E25BD53CF6081F7553720F9DCEFE6116EF891C
                                                                              SHA-512:B18297C5E83B22ABB022DDD7622F187BDDEFB7D3E4ECBA0D7FDB65D7926FE0F8107F1DC82005EE4AF9B41C2993888576D60A637AD141F0C7A9BC75DCC00B16D8
                                                                              Malicious:false
                                                                              Preview:var execFile = require('child_process').execFile;.var pathUtils = require('path');../*. * options object (also passed by query()). * target : The path the shortcut points to. * args : The arguments passed to the target as a string. * workingDir : The working directory of the target. * runStyle : State to open the window in: ws.NORMAL (1), ws.MAX (3), or ws.MIN (7). * icon : The path to the shortcut icon file. * iconIndex : An optional index for the image in the icon file. * hotkey : A numerical hotkey. * desc : A description. */..function parseQuery(stdout) {..// Parses the stdout of a shortcut.exe query into a JS object..var result = {};..result.expanded = {};..stdout.split(/[\r\n]+/)....filter(function(line) { return line.indexOf('=') !== -1; })....forEach(function(line) {.....var pair = line.split('=', 2),.....key = pair[0],.....value = pair[1];.....if (key === "TargetPath")......result.target = value;.....else if (key === "TargetPathExpanded")......result.expanded.target = value;..
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):577
                                                                              Entropy (8bit):4.877056753350964
                                                                              Encrypted:false
                                                                              SSDEEP:12:y1CBJ+rLgoPF8i81mbmF2P9nEP7oh1uj7HxY:y1CBJ0cG127oh0q
                                                                              MD5:D35A29EB509D52F43AD8D7D7E57557CA
                                                                              SHA1:73E4A065CFCA688E7F6813AF77BBD5DDB63F7148
                                                                              SHA-256:540B79DE6A1C3583C8255B304849701744A9A640FA45F10B64EC983BE7BD408A
                                                                              SHA-512:B722F588A5E49EB787D0F9AC266F50BACCF5FD3BD9F3023DC70833FB68F84605571FBAF8C459BFDE902C98F4572132FB8590EE03548ED6FD5F53DE5D30D5A90C
                                                                              Malicious:false
                                                                              Preview:{. "name": "windows-shortcuts",. "version": "0.1.6",. "description": "Create, edit, and query Windows shortcuts (.lnk files)",. "license": "MIT",. "author": "j201 <j201.alex@gmail.com> (http://j201.github.io)",. "main": "./lib/windows-shortcuts",. "typings": "./lib/windows-shortcuts.d.ts",. "repository": {. "type": "git",. "url": "git://github.com/j201/windows-shortcuts.git". },. "homepage": "http://github.com/j201/windows-shortcuts",. "devDependencies": {. "signal-exit": "^2.1.2",. "tape": "^4.4.0",. "tmp": "0.0.28",. "touch": "^1.0.0". }.}
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):107520
                                                                              Entropy (8bit):6.442687067441468
                                                                              Encrypted:false
                                                                              SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                              MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                              SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                              SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                              SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):267462
                                                                              Entropy (8bit):4.19770221494855
                                                                              Encrypted:false
                                                                              SSDEEP:3072:8LuAqiYp4bhaz8Le7ICHKhsqdzoGq/p2Vy:hiHbhaMAIyAsqxip2Q
                                                                              MD5:6FCB8A6C21A7E76A7BE2DC237B64916F
                                                                              SHA1:893EF10567F7705144F407A6493A96AB341C7CCF
                                                                              SHA-256:2BCEEF4822CA7CC3ADD4A9DCB67C51EFB51C656FCE96A3B840250DE15379959C
                                                                              SHA-512:3B745740BBBE339542EF03FD15DD631FB775E6BF8CA54D6D2B9CEAD3AA5AAFC4CAB49E507BC93641E581412BBEB916A53608D5F5D971EA453779E72D2294DAFB
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):626313
                                                                              Entropy (8bit):5.180772010538009
                                                                              Encrypted:false
                                                                              SSDEEP:6144:jMWiyz4J+1OFZAsXbJ8qPOzhXvKwvrBTbvUyMR/GLrOp:j2+lOF4h/DvNHvUiap
                                                                              MD5:1A37F6614FF8799B1C063BC83C157CC3
                                                                              SHA1:8238B9295E1DDE9DE0D6FD20578E82703131A228
                                                                              SHA-256:4FBE07F71B706C2A2948EBA9A6B1979E23C83342B190723A6EC5251B2D6DAD7C
                                                                              SHA-512:6677F65A0E26FDC2CFF6CEF0231F5E5F0713EE7C5CF7F488599A3C7AC3E8365AFAEC10B35D6145EA58D364151D8BCB08308765693A9797EA99B894D6E8224AC7
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):5180416
                                                                              Entropy (8bit):6.360585559792186
                                                                              Encrypted:false
                                                                              SSDEEP:49152:56h3a0f1ABi1jP9LoS8lne0Zv8EgHI7JXYN3bgFNmEgMYmz2qA0Mr7wsVUsNCOzZ:sh3aMXoSHfPwksHldLiuNr
                                                                              MD5:F16C36AE369609497BFD0847889BEC63
                                                                              SHA1:5DCA218BF0B2A20D7D027FA10FDB1B8152564FE4
                                                                              SHA-256:4488A958418227FBE6F64898C2F85EEFD87FC9E46AEA457233B38DB8A86E944D
                                                                              SHA-512:9F06F4A318C8A3E2FDCCB6D983087184CFF37A2B79E0C1E85B3AC8E45695454C4AACB4468593EBBFFF64739B0D598BA4D1D9DD94187B1BBD82C1369C62781109
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):106
                                                                              Entropy (8bit):4.724752649036734
                                                                              Encrypted:false
                                                                              SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                              MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                              SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                              SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                              SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                              Malicious:false
                                                                              Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):953856
                                                                              Entropy (8bit):6.582980857445342
                                                                              Encrypted:false
                                                                              SSDEEP:24576:xYWOq/4Kt/Ku8n387ecbFb6Z5WoDYsHY6g3P0zAk7so:xY65/M387R56Z5WoDYsHY6g3P0zAk7s
                                                                              MD5:0A8150E85160EA4311DDBD5B2D1B0B1B
                                                                              SHA1:A012B8886EC9F305FF4A055CCDDD5FC1F6045869
                                                                              SHA-256:0D56A41BEAD58FD5FEE44B2EE60485D4C80A3A639ACC42CFC57C8E059078DFE0
                                                                              SHA-512:D2D853D072AE7AC6871C880F164EEAA6300D9F951DE3AACB4D65195407AA4A1EF18B9BEAE14B7EDA0936E4FCA5FB56B65038370D8E349893F3C8027526415921
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):9216
                                                                              Entropy (8bit):5.530278822198483
                                                                              Encrypted:false
                                                                              SSDEEP:192:VdkEgnuqkdVMvy7/xcfK4PRef6gQzYet89A2:Vdkbn4VMvy7UKcef6XzHAA2
                                                                              MD5:4287DBF2AD9E000D8653137470528FB7
                                                                              SHA1:D488EA09A1C35F9D773195B3CBDBB20E4878C0A4
                                                                              SHA-256:35A523FE649201442C9FA00D875CF9ACF8CED7C11347726CC0C6DF5B0EDA9F95
                                                                              SHA-512:E5DAFA93600E9C1E994B4E0131B841B2E14F76D874875926F90F1F1C2CFD9E2CAA374A1F584594F41E4FEB0C06E93115E9FA23237DBC31D3E1C208AD8D0CF58A
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):95744
                                                                              Entropy (8bit):6.8710970946240435
                                                                              Encrypted:false
                                                                              SSDEEP:1536:fn3DhuJJT35gGtLjbMGCDsTF7RqXqOGrgCf46qKn6LJ8Lr7f59aguhrAPfKS:fnNuJJT35gGtjMhDsTF7RqXqf8ZQEwy
                                                                              MD5:21D805663834F61CB443545B8883FAF2
                                                                              SHA1:B222C5CA1E4CB8A7BFF7EB7B78D46B8D99BF71E1
                                                                              SHA-256:C18B46A68436D164C964BA9B208E5C27CCC50E6A5A2DB115E8FB086663B5308F
                                                                              SHA-512:37836150EF2837F69B82399024D0B93DBDAC992971C7FE7B50959107C0520F5874D45F4230F08554514E3BD6A76D6E35C55C8AFD53F993ABA18F77475EF02001
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):11776
                                                                              Entropy (8bit):5.825582780706362
                                                                              Encrypted:false
                                                                              SSDEEP:192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
                                                                              MD5:FBE295E5A1ACFBD0A6271898F885FE6A
                                                                              SHA1:D6D205922E61635472EFB13C2BB92C9AC6CB96DA
                                                                              SHA-256:A1390A78533C47E55CC364E97AF431117126D04A7FAED49390210EA3E89DD0E1
                                                                              SHA-512:2CB596971E504EAF1CE8E3F09719EBFB3F6234CEA5CA7B0D33EC7500832FF4B97EC2BBE15A1FBF7E6A5B02C59DB824092B9562CD8991F4D027FEAB6FD3177B06
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:7-zip archive data, version 0.4
                                                                              Category:dropped
                                                                              Size (bytes):79732311
                                                                              Entropy (8bit):7.999995366647166
                                                                              Encrypted:true
                                                                              SSDEEP:1572864:V+BWqL9BHWFoNfUwbzu3YkHCtGD/v0778GxZE/vXJU7cg33NqRcw9fDE:8B1mEcwbWaGD/c7uP+9NqRhi
                                                                              MD5:F4BA303BBD2991FEF3CB62103E07A8BA
                                                                              SHA1:478A890EE26FF752134FE61881E8AC3D65BEABEA
                                                                              SHA-256:04C7E564C1AAEBDCFA827E9B90C7B26ACFACB6CDDF8EAA2DAB4FF770AA7D166F
                                                                              SHA-512:5E838B318CFA75572DF8747EEA778601D2A7424B5B8E91CD0DD9CDD2244572AF4C257A17D6341610803BE5A6FF9667530572DE90AADFD3C70FBCCD78FBD51D93
                                                                              Malicious:false
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):6656
                                                                              Entropy (8bit):4.997724806443559
                                                                              Encrypted:false
                                                                              SSDEEP:96:17GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNT3e:5XhHR0aTQN4gRHdMqJVgNa
                                                                              MD5:50BA20CAD29399E2DB9FA75A1324BD1D
                                                                              SHA1:3850634BB15A112623222972EF554C8D1ECA16F4
                                                                              SHA-256:E7B145ABC7C519E6BD91DC06B7B83D1E73735AC1AC37D30A7889840A6EED38FC
                                                                              SHA-512:893E053FCB0A2D3742E2B13B869941A3A485B2BDA3A92567F84190CB1BE170B67D20CC71C6A2CB92F4202140C8AFD9C40A358496947D709E0C4B68D43A368754
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                              Category:dropped
                                                                              Size (bytes):446464
                                                                              Entropy (8bit):6.5897298243131495
                                                                              Encrypted:false
                                                                              SSDEEP:6144:VQ+kwWa/1NfQWLv6rGnrpJJ7OELbg8reLy2dbJUa4xk+N9/2itUirbeaY:VvW0tLBp1cIeOwJL4xT/F5bY
                                                                              MD5:D7778720208A94E2049972FB7A1E0637
                                                                              SHA1:080D607B10F93C839EC3F07FAEC3548BB78AC4DC
                                                                              SHA-256:98F425F30E42E85F57E039356E30D929E878FDB551E67ABFB9F71C31EEB5D44E
                                                                              SHA-512:98493EA271738ED6BA3A02DE774DEEF267BFA3C16F3736F1A1A3856B9FECC07F0EA8670827E7EB4ED05C907E96425A0C762E7010CB55A09302CA3CFB3FE44B2B
                                                                              Malicious:false
                                                                              Antivirus:
                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:JSON data
                                                                              Category:dropped
                                                                              Size (bytes):434
                                                                              Entropy (8bit):5.671422722918055
                                                                              Encrypted:false
                                                                              SSDEEP:12:YKWSCuj9rrt+HWsikd2ILknKm8cwyFnPXxRZdC1Yu:YKWJu5rrtHEMaNyFnPXxp2H
                                                                              MD5:0717B5353E2FD0C673D72DAE2A9AA402
                                                                              SHA1:C793BD4A4DDE2E5023323500480A0CE3110180B7
                                                                              SHA-256:344A70465ED656C24B20F3A5A8F6F2A1C3E525FE3CEB3F26E218397637B695AE
                                                                              SHA-512:E147DD86B2AB614A8B2E21D84FF8273E7CDF0BC0FC563F9D3F0F201B059838A2BFC35509DC232F2FD90C88D2D88415FACE9E081CAC7E280BDFACBF6F3F176579
                                                                              Malicious:false
                                                                              Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAA7AsWvB/j8TZd204PExxClEAAAABIAAABDAGgAcgBvAG0AaQB1AG0AAAAQZgAAAAEAACAAAABHAq5zcVE8rH4bHKMx3eCWP0IQgi4g/Yz/nAgiOwICngAAAAAOgAAAAAIAACAAAADrsz6yuf/pbJ9QTMPOlCZ2l767Ncy4qZpaP8Erg2qFjzAAAAC5URoIuxgObIVW58XfnNDsGSY5/5S9xFZupE2T/dHucXeLvW1hYFANtQlmp9CdbydAAAAA9PPC9CxhKdSBfAsxoon5cevQeX0lifbbVJgaeH10jCvjirvufnRKL0XVizmgjbQ5e3YCyD+1ZwJUVRRKGaDc5g=="}}
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe
                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Aug 6 21:07:21 2024, mtime=Tue Aug 6 21:07:29 2024, atime=Sun Jun 30 16:55:04 2024, length=172671488, window=hide
                                                                              Category:dropped
                                                                              Size (bytes):1224
                                                                              Entropy (8bit):4.985579257401614
                                                                              Encrypted:false
                                                                              SSDEEP:24:8yZg3amRz/uMbfUYIjKsAfAJfTHGcmA/VhjqyFm:8sgRRrFfUYANAoxrGcmAtwyF
                                                                              MD5:4B183DBA0A86DD06678948CBB913142A
                                                                              SHA1:6CB3B52C26600DEAE20B63E9B7003923989C07DF
                                                                              SHA-256:7B8C9DFFC47A9F79E234BFDE73A4B7021BF41FB9F7B734B0163CF9D8E4538F0E
                                                                              SHA-512:9F5B8CBB857DB47276ADA0F571F931987DAEC6214A85626660B3782325D7362CEEC7210366465E5BA5DBBCCDA61F4D7A3E65ADD9FD2E86E223F8A4800370BA03
                                                                              Malicious:false
                                                                              Preview:L..................F.... .....f.M...A.u.M.....~.r.....J.....................8.:..DG..Yr?.D..U..k0.&...&......vk.v........L......M.......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y............................%..A.p.p.D.a.t.a...B.P.1......Y...Local.<......CW.^.Y.....b......................=..L.o.c.a.l.....Z.1......Y...Programs..B.......Y..Y...............................P.r.o.g.r.a.m.s.....b.1......Y...KYRAZO~1..J.......Y..Y...............................K.y.r.a.z.o.n.G.o.d.o.t.....n.2...J..X. .KYRAZO~1.EXE..R.......Y..Y......4........................K.y.r.a.z.o.n.G.o.d.o.t...e.x.e.......r...............-.......q...................C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe..>.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.K.y.r.a.z.o.n.G.o.d.o.t.\.K.y.r.a.z.o.n.G.o.d.o.t...e.x.e.........|....I.J.H..K..:...`.......X.......878411...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b
                                                                              Process:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):32768
                                                                              Entropy (8bit):0.017262956703125623
                                                                              Encrypted:false
                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                              Malicious:false
                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                              Entropy (8bit):7.9999896835153494
                                                                              TrID:
                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                              File name:KyrazonSetup.exe
                                                                              File size:80'239'576 bytes
                                                                              MD5:7a84bbeade50e7110fe8d278dc22b92d
                                                                              SHA1:9624dde2043059402cc1f729684ecc2f9a424eef
                                                                              SHA256:c765f61cee33c326acc4ea19256267c35129a1ec7edb567fe0b5ed9a88e3d6b1
                                                                              SHA512:b5ca02ca5e7c493a400214bb573b8d26da4129edec880e807ca198dbfab5b1bb70cae00e63eacc4c2f17b175194e0af353eda500442788a0ada82e019b78095d
                                                                              SSDEEP:1572864:F+BWqL9BHWFoNfUwbzu3YkHCtGD/v0778GxZE/vXJU7cg33NqRcw9fDv:MB1mEcwbWaGD/c7uP+9NqRhV
                                                                              TLSH:830833B777A9946DD2017B7B248379A0027E70DB4314B67F4F0D31AC48AAD667C2EB60
                                                                              Icon Hash:adaeb397f36b6331
                                                                              Entrypoint:0x40320c
                                                                              Entrypoint Section:.text
                                                                              Digitally signed:false
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x5C157F8F [Sat Dec 15 22:26:23 2018 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:4
                                                                              OS Version Minor:0
                                                                              File Version Major:4
                                                                              File Version Minor:0
                                                                              Subsystem Version Major:4
                                                                              Subsystem Version Minor:0
                                                                              Import Hash:3abe302b6d9a1256e6a915429af4ffd2
                                                                              Instruction
                                                                              sub esp, 00000184h
                                                                              push ebx
                                                                              push esi
                                                                              push edi
                                                                              xor ebx, ebx
                                                                              push 00008001h
                                                                              mov dword ptr [esp+18h], ebx
                                                                              mov dword ptr [esp+10h], 0040A198h
                                                                              mov dword ptr [esp+20h], ebx
                                                                              mov byte ptr [esp+14h], 00000020h
                                                                              call dword ptr [004080A0h]
                                                                              call dword ptr [0040809Ch]
                                                                              and eax, BFFFFFFFh
                                                                              cmp ax, 00000006h
                                                                              mov dword ptr [0045240Ch], eax
                                                                              je 00007F95AD457AA3h
                                                                              push ebx
                                                                              call 00007F95AD45AB7Ah
                                                                              cmp eax, ebx
                                                                              je 00007F95AD457A99h
                                                                              push 00000C00h
                                                                              call eax
                                                                              mov esi, 00408298h
                                                                              push esi
                                                                              call 00007F95AD45AAF6h
                                                                              push esi
                                                                              call dword ptr [00408098h]
                                                                              lea esi, dword ptr [esi+eax+01h]
                                                                              cmp byte ptr [esi], bl
                                                                              jne 00007F95AD457A7Dh
                                                                              push 0000000Ah
                                                                              call 00007F95AD45AB4Eh
                                                                              push 00000008h
                                                                              call 00007F95AD45AB47h
                                                                              push 00000006h
                                                                              mov dword ptr [00452404h], eax
                                                                              call 00007F95AD45AB3Bh
                                                                              cmp eax, ebx
                                                                              je 00007F95AD457AA1h
                                                                              push 0000001Eh
                                                                              call eax
                                                                              test eax, eax
                                                                              je 00007F95AD457A99h
                                                                              or byte ptr [0045240Fh], 00000040h
                                                                              push ebp
                                                                              call dword ptr [00408044h]
                                                                              push ebx
                                                                              call dword ptr [00408288h]
                                                                              mov dword ptr [004524D8h], eax
                                                                              push ebx
                                                                              lea eax, dword ptr [esp+38h]
                                                                              push 00000160h
                                                                              push eax
                                                                              push ebx
                                                                              push 00434030h
                                                                              call dword ptr [00408178h]
                                                                              push 0040A188h
                                                                              Programming Language:
                                                                              • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe5000 | 0x9bc0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x628f | 0x6400 | 547c212779a9000b5c1f9c5c5e58bb70 | False | 0.6705859375 | data | 6.431188612581397 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x135c | 0x1400 | b27ba0846d4bbf5bff764f5a5c418a97 | False | 0.4611328125 | data | 5.240043476337556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x48518 | 0x600 | aa19af09b29590d8b5ccead2c77eb317 | False | 0.4537760416666667 | data | 4.044766712062166 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x53000 | 0x92000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xe5000 | 0x9bc0 | 0x9c00 | 4e0ddf2bb9608e024e5129c4f8b69cb6 | False | 0.9537760416666666 | data | 7.829966589485731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xe51d8 | 0x8f8d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9947209447876133
RT_DIALOG | 0xee168 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0xee370 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0xee468 | 0xee | data | English | United States | 0.6260504201680672
RT_GROUP_ICON | 0xee558 | 0x14 | data | English | United States | 1.05
RT_VERSION | 0xee570 | 0x228 | data | English | United States | 0.4945652173913043
RT_MANIFEST | 0xee798 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
DLL | Import
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                              Aug 7, 2024 00:08:46.155843973 CEST49757443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.155888081 CEST44349757162.159.135.232192.168.2.4
                                                                              Aug 7, 2024 00:08:46.155971050 CEST49757443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.164324045 CEST49758443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.164347887 CEST44349758162.159.135.232192.168.2.4
                                                                              Aug 7, 2024 00:08:46.164402962 CEST49758443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.164638042 CEST49758443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.164650917 CEST44349758162.159.135.232192.168.2.4
                                                                              Aug 7, 2024 00:08:46.644025087 CEST44349758162.159.135.232192.168.2.4
                                                                              Aug 7, 2024 00:08:46.644437075 CEST49758443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.644458055 CEST44349758162.159.135.232192.168.2.4
                                                                              Aug 7, 2024 00:08:46.645894051 CEST44349758162.159.135.232192.168.2.4
                                                                              Aug 7, 2024 00:08:46.645956039 CEST49758443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.646667004 CEST49758443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.646709919 CEST44349758162.159.135.232192.168.2.4
                                                                              Aug 7, 2024 00:08:46.646768093 CEST49758443192.168.2.4162.159.135.232
                                                                              Aug 7, 2024 00:08:46.654211044 CEST49743443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:08:46.654278040 CEST44349743162.159.61.3192.168.2.4
                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                              Aug 7, 2024 00:07:45.573085070 CEST4992553192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:07:45.580806971 CEST53499251.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:07:45.592551947 CEST5527653192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:07:45.599924088 CEST53552761.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:07:50.300422907 CEST5063553192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:07:50.300621986 CEST6001353192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:07:50.308023930 CEST53506351.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:07:50.309545994 CEST53600131.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:07:50.359065056 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:50.667716026 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:50.972560883 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:50.972733021 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:50.972743988 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:50.972755909 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:50.972815037 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:50.993868113 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:50.994106054 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:50.995733976 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:50.996426105 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:50.996603966 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:50.997730970 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:51.090610027 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.091021061 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.091029882 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.091039896 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.091043949 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.093152046 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.093868017 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:51.094290972 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:51.199523926 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:51.333168983 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.370872021 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:51.376830101 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.424737930 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.425659895 CEST44359243162.159.61.3192.168.2.4
                                                                              Aug 7, 2024 00:07:51.426354885 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:07:51.474607944 CEST59243443192.168.2.4162.159.61.3
                                                                              Aug 7, 2024 00:08:40.240602970 CEST4938753192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:08:40.249996901 CEST53493871.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:08:41.212492943 CEST4952853192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:08:41.230962992 CEST53495281.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:08:41.935818911 CEST5464853192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:08:41.943613052 CEST53546481.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:08:42.611525059 CEST5405553192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:08:42.621335030 CEST53540551.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:08:43.097022057 CEST6528853192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:08:43.135879993 CEST53652881.1.1.1192.168.2.4
                                                                              Aug 7, 2024 00:08:43.141108036 CEST5238253192.168.2.41.1.1.1
                                                                              Aug 7, 2024 00:08:43.147777081 CEST53523821.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Aug 7, 2024 00:07:45.573085070 CEST | 192.168.2.4 | 1.1.1.1 | 0xe1b5 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:07:45.592551947 CEST | 192.168.2.4 | 1.1.1.1 | 0xf476 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Aug 7, 2024 00:07:50.300422907 CEST | 192.168.2.4 | 1.1.1.1 | 0xd47d | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:07:50.300621986 CEST | 192.168.2.4 | 1.1.1.1 | 0xc0a4 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Aug 7, 2024 00:08:40.240602970 CEST | 192.168.2.4 | 1.1.1.1 | 0xd0e8 | Standard query (0) | oshi.at | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:41.212492943 CEST | 192.168.2.4 | 1.1.1.1 | 0x691d | Standard query (0) | tempfile.me | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:41.935818911 CEST | 192.168.2.4 | 1.1.1.1 | 0x4fda | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:42.611525059 CEST | 192.168.2.4 | 1.1.1.1 | 0xc086 | Standard query (0) | file.io | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:43.097022057 CEST | 192.168.2.4 | 1.1.1.1 | 0x792 | Standard query (0) | zerostone.discloud.app | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:43.141108036 CEST | 192.168.2.4 | 1.1.1.1 | 0xf544 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Aug 7, 2024 00:07:45.580806971 CEST | 1.1.1.1 | 192.168.2.4 | 0xe1b5 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:07:45.580806971 CEST | 1.1.1.1 | 192.168.2.4 | 0xe1b5 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:07:45.599924088 CEST | 1.1.1.1 | 192.168.2.4 | 0xf476 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Aug 7, 2024 00:07:50.308023930 CEST | 1.1.1.1 | 192.168.2.4 | 0xd47d | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:07:50.308023930 CEST | 1.1.1.1 | 192.168.2.4 | 0xd47d | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:07:50.309545994 CEST | 1.1.1.1 | 192.168.2.4 | 0xc0a4 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Aug 7, 2024 00:08:40.249996901 CEST | 1.1.1.1 | 192.168.2.4 | 0xd0e8 | No error (0) | oshi.at |  | 194.15.112.248 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:40.249996901 CEST | 1.1.1.1 | 192.168.2.4 | 0xd0e8 | No error (0) | oshi.at |  | 188.241.120.6 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:40.249996901 CEST | 1.1.1.1 | 192.168.2.4 | 0xd0e8 | No error (0) | oshi.at |  | 5.253.86.15 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:41.230962992 CEST | 1.1.1.1 | 192.168.2.4 | 0x691d | No error (0) | tempfile.me |  | 193.37.215.73 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:41.230962992 CEST | 1.1.1.1 | 192.168.2.4 | 0x691d | No error (0) | tempfile.me |  | 212.111.80.158 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:41.943613052 CEST | 1.1.1.1 | 192.168.2.4 | 0x4fda | No error (0) | api.gofile.io |  | 51.38.43.18 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:41.943613052 CEST | 1.1.1.1 | 192.168.2.4 | 0x4fda | No error (0) | api.gofile.io |  | 45.112.123.126 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:42.621335030 CEST | 1.1.1.1 | 192.168.2.4 | 0xc086 | No error (0) | file.io |  | 45.55.107.24 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:43.147777081 CEST | 1.1.1.1 | 192.168.2.4 | 0xf544 | No error (0) | discord.com |  | 162.159.135.232 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:43.147777081 CEST | 1.1.1.1 | 192.168.2.4 | 0xf544 | No error (0) | discord.com |  | 162.159.136.232 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:43.147777081 CEST | 1.1.1.1 | 192.168.2.4 | 0xf544 | No error (0) | discord.com |  | 162.159.128.233 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:43.147777081 CEST | 1.1.1.1 | 192.168.2.4 | 0xf544 | No error (0) | discord.com |  | 162.159.138.232 | A (IP address) | IN (0x0001) | false
Aug 7, 2024 00:08:43.147777081 CEST | 1.1.1.1 | 192.168.2.4 | 0xf544 | No error (0) | discord.com |  | 162.159.137.232 | A (IP address) | IN (0x0001) | false
                                                                              • chrome.cloudflare-dns.com
                                                                              • 92.246.138.20
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49745 | 92.246.138.20 | 80 | 7944 | C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
Timestamp | Bytes transferred | Direction | Data
Aug 7, 2024 00:08:39.566921949 CEST | 483 | OUT | POST /storage HTTP/1.1
Accept: application/json, text/plain, */*
Content-Type: multipart/form-data; boundary=--------------------------477003295431156589431349
User-Agent: axios/1.7.2
Content-Length: 2931
Accept-Encoding: gzip, compress, deflate, br
Host: 92.246.138.20
Connection: close
Data Ascii: ----------------------------477003295431156589431349Content-Disposition: form-data; name="file"; filename="8488a434-1fc5-4133-b739-6e418d7388dc.zip"Content-Type: application/zip
Aug 7, 2024 00:08:39.567004919 CEST | 2746 | OUT | Data Ascii: PKYApplications\PKYBrowser Extensions\PKYCookies\PKYq-Cookies\Google_Default.txtH9*2!Y|'6Z}Z3bX
Aug 7, 2024 00:08:40.195528030 CEST | 200 | IN | HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 2
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Date: Tue, 06 Aug 2024 22:08:40 GMT
Connection: close
Data Raw: 4f 4b
Data Ascii: OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49749 | 92.246.138.20 | 80 | 6040 | C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
Timestamp | Bytes transferred | Direction | Data
Aug 7, 2024 00:08:42.127584934 CEST | 483 | OUT | POST /storage HTTP/1.1
Accept: application/json, text/plain, */*
Content-Type: multipart/form-data; boundary=--------------------------519627254103682819472193
User-Agent: axios/1.7.2
Content-Length: 2931
Accept-Encoding: gzip, compress, deflate, br
Host: 92.246.138.20
Connection: close
Data Ascii: ----------------------------519627254103682819472193Content-Disposition: form-data; name="file"; filename="a1b85b9a-05dd-4677-8ea9-2048d24632a6.zip"Content-Type: application/zip
Aug 7, 2024 00:08:42.127669096 CEST | 2688 | OUT | Data Ascii: PKYApplications\PKYBrowser Extensions\PKYCookies\PKYq-Cookies\Google_Default.txtH9*2!Y|'6Z}Z3bX
Aug 7, 2024 00:08:42.128262043 CEST | 58 | OUT | Data Ascii: ----------------------------519627254103682819472193--
Aug 7, 2024 00:08:42.712011099 CEST | 200 | IN | HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 2
ETag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
Date: Tue, 06 Aug 2024 22:08:42 GMT
Connection: close
Data Raw: 4f 4b
Data Ascii: OK


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49742 | 172.64.41.3 | 443 | 4944 | C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
Timestamp | Bytes transferred | Direction | Data
2024-08-06 22:07:46 UTC | 245 | OUT | POST /dns-query HTTP/1.1
Host: chrome.cloudflare-dns.com
Connection: keep-alive
Content-Length: 128
Accept: application/dns-message
Accept-Language: *
User-Agent: Chrome
Accept-Encoding: identity
Content-Type: application/dns-message
2024-08-06 22:07:46 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
2024-08-06 22:07:46 UTC | 247 | IN | HTTP/1.1 200 OK
Server: cloudflare
Date: Tue, 06 Aug 2024 22:07:46 GMT
Content-Type: application/dns-message
Connection: close
Access-Control-Allow-Origin: *
Content-Length: 468
CF-RAY: 8af257799f69432c-EWR
alt-svc: h3=":443"; ma=86400
2024-08-06 22:07:46 UTC | 468 | IN | Data Ascii: wwwgstaticcomQ)


                                                                              Target ID:0
                                                                              Start time:18:07:05
                                                                              Start date:06/08/2024
                                                                              Path:C:\Users\user\Desktop\KyrazonSetup.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\Desktop\KyrazonSetup.exe"
                                                                              Imagebase:0x400000
                                                                              File size:80'239'576 bytes
                                                                              MD5 hash:7A84BBEADE50E7110FE8D278DC22B92D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:1
                                                                              Start time:18:07:05
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\SysWOW64\cmd.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Windows\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv | "C:\Windows\system32\find.exe" "KyrazonGodot.exe"
                                                                              Imagebase:0x240000
                                                                              File size:236'544 bytes
                                                                              MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:2
                                                                              Start time:18:07:05
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:3
                                                                              Start time:18:07:06
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\SysWOW64\tasklist.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KyrazonGodot.exe" /FO csv
                                                                              Imagebase:0xa50000
                                                                              File size:79'360 bytes
                                                                              MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:4
                                                                              Start time:18:07:06
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\SysWOW64\find.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Windows\system32\find.exe" "KyrazonGodot.exe"
                                                                              Imagebase:0xc70000
                                                                              File size:14'848 bytes
                                                                              MD5 hash:15B158BC998EEF74CFDD27C44978AEA0
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:8
                                                                              Start time:18:07:27
                                                                              Start date:06/08/2024
                                                                              Path:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:"C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe"
                                                                              Imagebase:0x420000
                                                                              File size:172'671'488 bytes
                                                                              MD5 hash:EEB12AAC1FF31A9D17BA437700CAF9D6
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Antivirus matches:
                                                                              • Detection: 0%, ReversingLabs
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:11
                                                                              Start time:18:07:31
                                                                              Start date:06/08/2024
                                                                              Path:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                              Imagebase:0x7ff6e4d70000
                                                                              File size:172'671'488 bytes
                                                                              MD5 hash:EEB12AAC1FF31A9D17BA437700CAF9D6
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:12
                                                                              Start time:18:07:30
                                                                              Start date:06/08/2024
                                                                              Path:C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe /A:C "/F:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk" /T:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              Imagebase:0x400000
                                                                              File size:57'344 bytes
                                                                              MD5 hash:59375510BDE2FF0DBA7A8197AD9F12BB
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:true

                                                                              Target ID:13
                                                                              Start time:18:07:30
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:14
                                                                              Start time:18:07:30
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:15
                                                                              Start time:18:07:31
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:high
                                                                              Has exited:true

                                                                              Target ID:16
                                                                              Start time:18:07:31
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:moderate
                                                                              Has exited:true

                                                                              Target ID:17
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:18
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:19
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:20
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:21
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:22
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:23
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:24
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:25
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:26
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:27
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:28
                                                                              Start time:18:07:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\where.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:where /r . data.sqlite
                                                                              Imagebase:0x7ff676b20000
                                                                              File size:43'008 bytes
                                                                              MD5 hash:3CF958B0F63FB1D74F7FCFE14B039A58
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:29
                                                                              Start time:18:07:35
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:30
                                                                              Start time:18:07:35
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:31
                                                                              Start time:18:07:35
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:32
                                                                              Start time:18:07:36
                                                                              Start date:06/08/2024
                                                                              Path:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2364 --field-trial-handle=1776,i,4294901941177378234,17718125093265605642,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                              Imagebase:0x7ff6e4d70000
                                                                              File size:172'671'488 bytes
                                                                              MD5 hash:EEB12AAC1FF31A9D17BA437700CAF9D6
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:33
                                                                              Start time:18:07:37
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:34
                                                                              Start time:18:07:37
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:35
                                                                              Start time:18:07:37
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:36
                                                                              Start time:18:07:38
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:37
                                                                              Start time:18:07:38
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:38
                                                                              Start time:18:07:38
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:39
                                                                              Start time:18:07:39
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:40
                                                                              Start time:18:07:39
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:41
                                                                              Start time:18:07:39
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:42
                                                                              Start time:18:07:40
                                                                              Start date:06/08/2024
                                                                              Path:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe"
                                                                              Imagebase:0x7ff6e4d70000
                                                                              File size:172'671'488 bytes
                                                                              MD5 hash:EEB12AAC1FF31A9D17BA437700CAF9D6
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:43
                                                                              Start time:18:07:40
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:44
                                                                              Start time:18:07:40
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:45
                                                                              Start time:18:07:40
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:46
                                                                              Start time:18:07:43
                                                                              Start date:06/08/2024
                                                                              Path:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1740 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
                                                                              Imagebase:0x7ff6e4d70000
                                                                              File size:172'671'488 bytes
                                                                              MD5 hash:EEB12AAC1FF31A9D17BA437700CAF9D6
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:47
                                                                              Start time:18:07:42
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:48
                                                                              Start time:18:07:42
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:49
                                                                              Start time:18:07:42
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:50
                                                                              Start time:18:07:42
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:51
                                                                              Start time:18:07:43
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:52
                                                                              Start time:18:07:43
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:53
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:"C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\KyrazonGodot" --mojo-platform-channel-handle=2228 --field-trial-handle=1744,i,17217612992806517809,8679626120337516312,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
                                                                              Imagebase:0x7ff6e4d70000
                                                                              File size:172'671'488 bytes
                                                                              MD5 hash:EEB12AAC1FF31A9D17BA437700CAF9D6
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:54
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:55
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:56
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:57
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:58
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:59
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "where /r . data.sqlite"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:60
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:61
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:62
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:63
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:64
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:65
                                                                              Start time:18:07:44
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\where.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:where /r . data.sqlite
                                                                              Imagebase:0x7ff676b20000
                                                                              File size:43'008 bytes
                                                                              MD5 hash:3CF958B0F63FB1D74F7FCFE14B039A58
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:66
                                                                              Start time:18:07:46
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:67
                                                                              Start time:18:07:46
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:68
                                                                              Start time:18:07:46
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:69
                                                                              Start time:18:07:48
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:70
                                                                              Start time:18:07:48
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:71
                                                                              Start time:18:07:48
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:72
                                                                              Start time:18:07:48
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:73
                                                                              Start time:18:07:48
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:74
                                                                              Start time:18:07:48
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:75
                                                                              Start time:18:07:49
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:76
                                                                              Start time:18:07:49
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:77
                                                                              Start time:18:07:49
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:78
                                                                              Start time:18:07:50
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:79
                                                                              Start time:18:07:50
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:80
                                                                              Start time:18:07:50
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:81
                                                                              Start time:18:07:50
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:82
                                                                              Start time:18:07:50
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:83
                                                                              Start time:18:07:50
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:84
                                                                              Start time:18:07:51
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:85
                                                                              Start time:18:07:51
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:86
                                                                              Start time:18:07:51
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:87
                                                                              Start time:18:07:52
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:88
                                                                              Start time:18:07:52
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:89
                                                                              Start time:18:07:52
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:90
                                                                              Start time:18:07:52
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:91
                                                                              Start time:18:07:52
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:92
                                                                              Start time:18:07:52
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:93
                                                                              Start time:18:07:53
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:94
                                                                              Start time:18:07:53
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff71e800000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:95
                                                                              Start time:18:07:53
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:tasklist
                                                                              Imagebase:0x7ff6a0320000
                                                                              File size:106'496 bytes
                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:96
                                                                              Start time:18:07:54
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\cmd.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              Imagebase:0x7ff6258c0000
                                                                              File size:289'792 bytes
                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:97
                                                                              Start time:18:07:54
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:false
                                                                              Has administrator privileges:false
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:true

                                                                              Target ID:112
                                                                              Start time:18:07:55
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:117
                                                                              Start time:18:07:55
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:127
                                                                              Start time:18:07:57
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:137
                                                                              Start time:18:07:57
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:152
                                                                              Start time:18:07:59
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:161
                                                                              Start time:18:08:00
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:177
                                                                              Start time:18:08:02
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:182
                                                                              Start time:18:08:02
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:190
                                                                              Start time:18:08:03
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:191
                                                                              Start time:18:08:03
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:221
                                                                              Start time:18:08:05
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:230
                                                                              Start time:18:08:06
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:288
                                                                              Start time:18:08:12
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:294
                                                                              Start time:18:08:12
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:295
                                                                              Start time:18:08:12
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:312
                                                                              Start time:18:08:14
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:356
                                                                              Start time:18:08:17
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff6eef20000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:362
                                                                              Start time:18:08:18
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:382
                                                                              Start time:18:08:20
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:422
                                                                              Start time:18:08:23
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:428
                                                                              Start time:18:08:24
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:453
                                                                              Start time:18:08:26
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:468
                                                                              Start time:18:08:27
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:473
                                                                              Start time:18:08:27
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:483
                                                                              Start time:18:08:28
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:498
                                                                              Start time:18:08:29
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:508
                                                                              Start time:18:08:30
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:522
                                                                              Start time:18:08:31
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:528
                                                                              Start time:18:08:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:538
                                                                              Start time:18:08:32
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:548
                                                                              Start time:18:08:33
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:563
                                                                              Start time:18:08:34
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:573
                                                                              Start time:18:08:35
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):false
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:0x7ff7699e0000
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:578
                                                                              Start time:18:08:35
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:598
                                                                              Start time:18:08:37
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:603
                                                                              Start time:18:08:37
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:608
                                                                              Start time:18:08:38
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:623
                                                                              Start time:18:08:39
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:633
                                                                              Start time:18:08:40
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:648
                                                                              Start time:18:08:43
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false

                                                                              Target ID:653
                                                                              Start time:18:08:46
                                                                              Start date:06/08/2024
                                                                              Path:C:\Windows\System32\Conhost.exe
                                                                              Wow64 process (32bit):
                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                              Imagebase:
                                                                              File size:862'208 bytes
                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                              Has elevated privileges:
                                                                              Has administrator privileges:
                                                                              Programmed in:C, C++ or other language
                                                                              Has exited:false


                                                                                Execution Graph

                                                                                Execution Coverage:26.8%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:21.1%
                                                                                Total number of Nodes:1277
                                                                                Total number of Limit Nodes:36
4046f4 3808 4059d1 4 API calls 3807->3808 3810 4046fa GetDiskFreeSpaceA 3808->3810 3809->3804 3812 40597f 2 API calls 3809->3812 3814 404745 3809->3814 3813 40471e MulDiv 3810->3813 3810->3814 3812->3809 3813->3814 3815 4047b6 3814->3815 3817 40494d 20 API calls 3814->3817 3816 4047d9 3815->3816 3818 40140b 2 API calls 3815->3818 3832 404061 KiUserCallbackDispatcher 3816->3832 3819 4047a3 3817->3819 3818->3816 3821 4047b8 SetDlgItemTextA 3819->3821 3822 4047a8 3819->3822 3821->3815 3824 404888 20 API calls 3822->3824 3823 4047f5 3823->3825 3833 40442a 3823->3833 3824->3815 3825->3781 3827->3771 3828->3798 3829->3779 3830->3799 3831->3807 3832->3823 3834 404438 3833->3834 3835 40443d SendMessageA 3833->3835 3834->3835 3835->3825 3836 4020d1 3837 402acb 17 API calls 3836->3837 3838 4020d8 3837->3838 3839 402acb 17 API calls 3838->3839 3840 4020e2 3839->3840 3841 402acb 17 API calls 3840->3841 3842 4020ec 3841->3842 3843 402acb 17 API calls 3842->3843 3844 4020f6 3843->3844 3845 402acb 17 API calls 3844->3845 3847 402100 3845->3847 3846 402142 CoCreateInstance 3851 402161 3846->3851 3853 40220c 3846->3853 3847->3846 3848 402acb 17 API calls 3847->3848 3848->3846 3849 401423 24 API calls 3850 402242 3849->3850 3852 4021ec MultiByteToWideChar 3851->3852 3851->3853 3852->3853 3853->3849 3853->3850 3854 4026d4 3855 4026da 3854->3855 3856 4026de FindNextFileA 3855->3856 3859 4026f0 3855->3859 3857 40272f 3856->3857 3856->3859 3860 405fa0 lstrcpynA 3857->3860 3860->3859 3555 4023d6 3556 402acb 17 API calls 3555->3556 3557 4023e8 3556->3557 3558 402acb 17 API calls 3557->3558 3559 4023f2 3558->3559 3572 402b5b 3559->3572 3562 402427 3563 402433 3562->3563 3566 402aa9 17 API calls 3562->3566 3567 402452 RegSetValueExA 3563->3567 3569 402f9c 31 API calls 3563->3569 3564 402acb 17 API calls 3568 402420 lstrlenA 3564->3568 3565 40271c 3566->3563 3570 402468 RegCloseKey 3567->3570 3568->3562 3569->3567 3570->3565 3573 402b76 3572->3573 3576 405e54 3573->3576 3577 405e63 
3576->3577 3578 402402 3577->3578 3579 405e6e RegCreateKeyExA 3577->3579 3578->3562 3578->3564 3578->3565 3579->3578 3861 4014d6 3862 402aa9 17 API calls 3861->3862 3863 4014dc Sleep 3862->3863 3865 402957 3863->3865 3580 401759 3581 402acb 17 API calls 3580->3581 3582 401760 3581->3582 3583 401786 3582->3583 3584 40177e 3582->3584 3620 405fa0 lstrcpynA 3583->3620 3619 405fa0 lstrcpynA 3584->3619 3587 401784 3590 40620a 5 API calls 3587->3590 3588 401791 3589 405938 3 API calls 3588->3589 3591 401797 lstrcatA 3589->3591 3593 4017a3 3590->3593 3591->3587 3592 4062a3 2 API calls 3592->3593 3593->3592 3594 405b14 2 API calls 3593->3594 3596 4017ba CompareFileTime 3593->3596 3597 40187e 3593->3597 3604 405fc2 17 API calls 3593->3604 3608 405fa0 lstrcpynA 3593->3608 3614 4056bc MessageBoxIndirectA 3593->3614 3617 401855 3593->3617 3618 405b39 GetFileAttributesA CreateFileA 3593->3618 3594->3593 3596->3593 3598 4050c7 24 API calls 3597->3598 3599 401888 3598->3599 3601 402f9c 31 API calls 3599->3601 3600 4050c7 24 API calls 3607 40186a 3600->3607 3602 40189b 3601->3602 3603 4018af SetFileTime 3602->3603 3605 4018c1 FindCloseChangeNotification 3602->3605 3603->3605 3604->3593 3606 4018d2 3605->3606 3605->3607 3609 4018d7 3606->3609 3610 4018ea 3606->3610 3608->3593 3611 405fc2 17 API calls 3609->3611 3612 405fc2 17 API calls 3610->3612 3615 4018df lstrcatA 3611->3615 3613 4018f2 3612->3613 3616 4056bc MessageBoxIndirectA 3613->3616 3614->3593 3615->3613 3616->3607 3617->3600 3617->3607 3618->3593 3619->3587 3620->3588 3866 401659 3867 402acb 17 API calls 3866->3867 3868 40165f 3867->3868 3869 4062a3 2 API calls 3868->3869 3870 401665 3869->3870 3871 401959 3872 402aa9 17 API calls 3871->3872 3873 401960 3872->3873 3874 402aa9 17 API calls 3873->3874 3875 40196d 3874->3875 3876 402acb 17 API calls 3875->3876 3877 401984 lstrlenA 3876->3877 3879 401994 3877->3879 3878 4019d4 3879->3878 3883 405fa0 lstrcpynA 3879->3883 3881 4019c4 3881->3878 3882 4019c9 lstrlenA 3881->3882 
3882->3878 3883->3881 3884 401cda 3885 402aa9 17 API calls 3884->3885 3886 401ce0 IsWindow 3885->3886 3887 401a0e 3886->3887 3888 401a5e 3889 402aa9 17 API calls 3888->3889 3890 401a67 3889->3890 3891 402aa9 17 API calls 3890->3891 3892 401a0e 3891->3892 3893 401f61 3894 402acb 17 API calls 3893->3894 3895 401f68 3894->3895 3896 406338 5 API calls 3895->3896 3897 401f77 3896->3897 3898 401ff7 3897->3898 3899 401f8f GlobalAlloc 3897->3899 3899->3898 3900 401fa3 3899->3900 3901 406338 5 API calls 3900->3901 3902 401faa 3901->3902 3903 406338 5 API calls 3902->3903 3904 401fb4 3903->3904 3904->3898 3908 405efe wsprintfA 3904->3908 3906 401feb 3909 405efe wsprintfA 3906->3909 3908->3906 3909->3898 3910 402561 3911 402acb 17 API calls 3910->3911 3912 402568 3911->3912 3915 405b39 GetFileAttributesA CreateFileA 3912->3915 3914 402574 3915->3914 2800 401b63 2801 401bb4 2800->2801 2805 401b70 2800->2805 2802 401bb8 2801->2802 2803 401bdd GlobalAlloc 2801->2803 2816 4022e7 2802->2816 2820 405fa0 lstrcpynA 2802->2820 2823 405fc2 2803->2823 2804 4022d4 2807 405fc2 17 API calls 2804->2807 2805->2804 2808 401b87 2805->2808 2811 4022e1 2807->2811 2821 405fa0 lstrcpynA 2808->2821 2840 4056bc 2811->2840 2813 401bca GlobalFree 2813->2816 2815 401b96 2822 405fa0 lstrcpynA 2815->2822 2818 401ba5 2844 405fa0 lstrcpynA 2818->2844 2820->2813 2821->2815 2822->2818 2835 405fcf 2823->2835 2824 401bf8 2824->2816 2825 4061f1 2825->2824 2861 405fa0 lstrcpynA 2825->2861 2827 4061cb lstrlenA 2827->2835 2830 405fc2 10 API calls 2830->2827 2832 4060e7 GetSystemDirectoryA 2832->2835 2833 4060fa GetWindowsDirectoryA 2833->2835 2835->2825 2835->2827 2835->2830 2835->2832 2835->2833 2836 40612e SHGetSpecialFolderLocation 2835->2836 2837 405fc2 10 API calls 2835->2837 2838 406174 lstrcatA 2835->2838 2845 405e87 2835->2845 2850 40620a 2835->2850 2859 405efe wsprintfA 2835->2859 2860 405fa0 lstrcpynA 2835->2860 2836->2835 2839 406146 SHGetPathFromIDListA CoTaskMemFree 2836->2839 2837->2835 2838->2835 
2839->2835 2841 4056d1 2840->2841 2842 40571d 2841->2842 2843 4056e5 MessageBoxIndirectA 2841->2843 2842->2816 2843->2842 2844->2816 2862 405e26 2845->2862 2848 405eea 2848->2835 2849 405ebb RegQueryValueExA RegCloseKey 2849->2848 2856 406216 2850->2856 2851 40627e 2852 406282 CharPrevA 2851->2852 2854 40629d 2851->2854 2852->2851 2853 406273 CharNextA 2853->2851 2853->2856 2854->2835 2856->2851 2856->2853 2857 406261 CharNextA 2856->2857 2858 40626e CharNextA 2856->2858 2866 405963 2856->2866 2857->2856 2858->2853 2859->2835 2860->2835 2861->2824 2863 405e35 2862->2863 2864 405e39 2863->2864 2865 405e3e RegOpenKeyExA 2863->2865 2864->2848 2864->2849 2865->2864 2867 405969 2866->2867 2868 40597c 2867->2868 2869 40596f CharNextA 2867->2869 2868->2856 2869->2867 3916 401563 3917 4028ff 3916->3917 3920 405efe wsprintfA 3917->3920 3919 402904 3920->3919 3921 4024e5 3922 402b0b 17 API calls 3921->3922 3923 4024ef 3922->3923 3924 402aa9 17 API calls 3923->3924 3925 4024f8 3924->3925 3926 402513 RegEnumKeyA 3925->3926 3927 40251f RegEnumValueA 3925->3927 3929 40271c 3925->3929 3928 402534 RegCloseKey 3926->3928 3927->3928 3928->3929 3931 40166a 3932 402acb 17 API calls 3931->3932 3933 401671 3932->3933 3934 402acb 17 API calls 3933->3934 3935 40167a 3934->3935 3936 402acb 17 API calls 3935->3936 3937 401683 MoveFileA 3936->3937 3938 401696 3937->3938 3939 40168f 3937->3939 3941 4062a3 2 API calls 3938->3941 3943 402242 3938->3943 3940 401423 24 API calls 3939->3940 3940->3943 3942 4016a5 3941->3942 3942->3943 3944 405d7f 36 API calls 3942->3944 3944->3939 3044 403b6b 3045 403b83 3044->3045 3046 403cbe 3044->3046 3045->3046 3047 403b8f 3045->3047 3048 403d0f 3046->3048 3049 403ccf GetDlgItem GetDlgItem 3046->3049 3050 403b9a SetWindowPos 3047->3050 3051 403bad 3047->3051 3053 403d69 3048->3053 3058 401389 2 API calls 3048->3058 3052 40403f 18 API calls 3049->3052 3050->3051 3055 403bb2 ShowWindow 3051->3055 3056 403bca 3051->3056 3057 403cf9 KiUserCallbackDispatcher 
3052->3057 3054 40408b SendMessageA 3053->3054 3059 403cb9 3053->3059 3084 403d7b 3054->3084 3055->3056 3060 403bd2 DestroyWindow 3056->3060 3061 403bec 3056->3061 3115 40140b 3057->3115 3063 403d41 3058->3063 3064 403fc8 3060->3064 3065 403bf1 SetWindowLongA 3061->3065 3066 403c02 3061->3066 3063->3053 3067 403d45 SendMessageA 3063->3067 3064->3059 3075 403ff9 ShowWindow 3064->3075 3065->3059 3070 403cab 3066->3070 3071 403c0e GetDlgItem 3066->3071 3067->3059 3068 40140b 2 API calls 3068->3084 3069 403fca DestroyWindow EndDialog 3069->3064 3074 4040a6 8 API calls 3070->3074 3072 403c21 SendMessageA IsWindowEnabled 3071->3072 3073 403c3e 3071->3073 3072->3059 3072->3073 3077 403c4b 3073->3077 3078 403c92 SendMessageA 3073->3078 3079 403c5e 3073->3079 3089 403c43 3073->3089 3074->3059 3075->3059 3076 405fc2 17 API calls 3076->3084 3077->3078 3077->3089 3078->3070 3081 403c66 3079->3081 3082 403c7b 3079->3082 3080 404018 SendMessageA 3083 403c79 3080->3083 3087 40140b 2 API calls 3081->3087 3085 40140b 2 API calls 3082->3085 3083->3070 3084->3059 3084->3068 3084->3069 3084->3076 3086 40403f 18 API calls 3084->3086 3090 40403f 18 API calls 3084->3090 3106 403f0a DestroyWindow 3084->3106 3088 403c82 3085->3088 3086->3084 3087->3089 3088->3070 3088->3089 3089->3080 3091 403df6 GetDlgItem 3090->3091 3092 403e13 ShowWindow KiUserCallbackDispatcher 3091->3092 3093 403e0b 3091->3093 3118 404061 KiUserCallbackDispatcher 3092->3118 3093->3092 3095 403e3d EnableWindow 3100 403e51 3095->3100 3096 403e56 GetSystemMenu EnableMenuItem SendMessageA 3097 403e86 SendMessageA 3096->3097 3096->3100 3097->3100 3100->3096 3119 404074 SendMessageA 3100->3119 3120 403b4c 3100->3120 3123 405fa0 lstrcpynA 3100->3123 3102 403eb5 lstrlenA 3103 405fc2 17 API calls 3102->3103 3104 403ec6 SetWindowTextA 3103->3104 3105 401389 2 API calls 3104->3105 3105->3084 3106->3064 3107 403f24 CreateDialogParamA 3106->3107 3107->3064 3108 403f57 3107->3108 3109 40403f 18 API calls 3108->3109 3110 403f62 
GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3109->3110 3111 401389 2 API calls 3110->3111 3112 403fa8 3111->3112 3112->3059 3113 403fb0 ShowWindow 3112->3113 3114 40408b SendMessageA 3113->3114 3114->3064 3116 401389 2 API calls 3115->3116 3117 401420 3116->3117 3117->3048 3118->3095 3119->3100 3121 405fc2 17 API calls 3120->3121 3122 403b5a SetWindowTextA 3121->3122 3122->3100 3123->3102 3945 4019ed 3946 402acb 17 API calls 3945->3946 3947 4019f4 3946->3947 3948 402acb 17 API calls 3947->3948 3949 4019fd 3948->3949 3950 401a04 lstrcmpiA 3949->3950 3951 401a16 lstrcmpA 3949->3951 3952 401a0a 3950->3952 3951->3952 3953 40156f 3954 401586 3953->3954 3955 40157f ShowWindow 3953->3955 3956 401594 ShowWindow 3954->3956 3957 402957 3954->3957 3955->3954 3956->3957 3527 402473 3538 402b0b 3527->3538 3530 402acb 17 API calls 3531 402486 3530->3531 3532 402490 RegQueryValueExA 3531->3532 3537 40271c 3531->3537 3533 4024b0 3532->3533 3534 4024b6 RegCloseKey 3532->3534 3533->3534 3543 405efe wsprintfA 3533->3543 3534->3537 3539 402acb 17 API calls 3538->3539 3540 402b22 3539->3540 3541 405e26 RegOpenKeyExA 3540->3541 3542 40247d 3541->3542 3542->3530 3543->3534 3544 4036f4 3545 40370c 3544->3545 3546 4036fe CloseHandle 3544->3546 3551 403739 3545->3551 3546->3545 3549 405768 67 API calls 3550 40371d 3549->3550 3552 403747 3551->3552 3553 403711 3552->3553 3554 40374c FreeLibrary GlobalFree 3552->3554 3553->3549 3554->3553 3554->3554 3958 4014f4 SetForegroundWindow 3959 402957 3958->3959 3960 404175 lstrcpynA lstrlenA 3961 401cfb 3962 402aa9 17 API calls 3961->3962 3963 401d02 3962->3963 3964 402aa9 17 API calls 3963->3964 3965 401d0e GetDlgItem 3964->3965 3966 40257d 3965->3966 3967 402c7c 3968 402ca4 3967->3968 3969 402c8b SetTimer 3967->3969 3970 402cf9 3968->3970 3971 402cbe MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 3968->3971 3969->3968 3971->3970 3972 4022fc 3973 402304 3972->3973 3974 40230a 3972->3974 3975 402acb 17 API calls 3973->3975 3976 40231a 
3974->3976 3977 402acb 17 API calls 3974->3977 3975->3974 3978 402328 3976->3978 3979 402acb 17 API calls 3976->3979 3977->3976 3980 402acb 17 API calls 3978->3980 3979->3978 3981 402331 WritePrivateProfileStringA 3980->3981 3982 4018fd 3983 401934 3982->3983 3984 402acb 17 API calls 3983->3984 3985 401939 3984->3985 3986 405768 67 API calls 3985->3986 3987 401942 3986->3987 3988 4026fe 3989 402acb 17 API calls 3988->3989 3990 402705 FindFirstFileA 3989->3990 3991 402728 3990->3991 3995 402718 3990->3995 3992 40272f 3991->3992 3996 405efe wsprintfA 3991->3996 3997 405fa0 lstrcpynA 3992->3997 3996->3992 3997->3995 3998 401000 3999 401037 BeginPaint GetClientRect 3998->3999 4000 40100c DefWindowProcA 3998->4000 4002 4010f3 3999->4002 4003 401179 4000->4003 4004 401073 CreateBrushIndirect FillRect DeleteObject 4002->4004 4005 4010fc 4002->4005 4004->4002 4006 401102 CreateFontIndirectA 4005->4006 4007 401167 EndPaint 4005->4007 4006->4007 4008 401112 6 API calls 4006->4008 4007->4003 4008->4007 4009 401900 4010 402acb 17 API calls 4009->4010 4011 401907 4010->4011 4012 4056bc MessageBoxIndirectA 4011->4012 4013 401910 4012->4013 4014 402381 4015 4023b3 4014->4015 4016 402388 4014->4016 4018 402acb 17 API calls 4015->4018 4017 402b0b 17 API calls 4016->4017 4019 40238f 4017->4019 4020 4023ba 4018->4020 4022 402acb 17 API calls 4019->4022 4024 4023c7 4019->4024 4025 402b89 4020->4025 4023 4023a0 RegDeleteValueA RegCloseKey 4022->4023 4023->4024 4026 402b95 4025->4026 4027 402b9c 4025->4027 4026->4024 4027->4026 4029 402bcd 4027->4029 4030 405e26 RegOpenKeyExA 4029->4030 4031 402bfb 4030->4031 4032 402c21 RegEnumKeyA 4031->4032 4033 402c38 RegCloseKey 4031->4033 4035 402c59 RegCloseKey 4031->4035 4037 402bcd 6 API calls 4031->4037 4039 402c4c 4031->4039 4032->4031 4032->4033 4034 406338 5 API calls 4033->4034 4036 402c48 4034->4036 4035->4039 4038 402c69 RegDeleteKeyA 4036->4038 4036->4039 4037->4031 4038->4039 4039->4026 4040 401502 4041 40151d 4040->4041 4042 40150a 
4040->4042 4043 402aa9 17 API calls 4042->4043 4043->4041 2870 402003 2871 402015 2870->2871 2872 4020c3 2870->2872 2888 402acb 2871->2888 2874 401423 24 API calls 2872->2874 2881 402242 2874->2881 2876 402acb 17 API calls 2877 402025 2876->2877 2878 40203a LoadLibraryExA 2877->2878 2879 40202d GetModuleHandleA 2877->2879 2878->2872 2880 40204a GetProcAddress 2878->2880 2879->2878 2879->2880 2882 402096 2880->2882 2883 402059 2880->2883 2897 4050c7 2882->2897 2886 402069 2883->2886 2894 401423 2883->2894 2886->2881 2887 4020b7 FreeLibrary 2886->2887 2887->2881 2889 402ad7 2888->2889 2890 405fc2 17 API calls 2889->2890 2891 402af8 2890->2891 2892 40201c 2891->2892 2893 40620a 5 API calls 2891->2893 2892->2876 2893->2892 2895 4050c7 24 API calls 2894->2895 2896 401431 2895->2896 2896->2886 2898 4050e2 2897->2898 2907 405185 2897->2907 2899 4050ff lstrlenA 2898->2899 2900 405fc2 17 API calls 2898->2900 2901 405128 2899->2901 2902 40510d lstrlenA 2899->2902 2900->2899 2904 40513b 2901->2904 2905 40512e SetWindowTextA 2901->2905 2903 40511f lstrcatA 2902->2903 2902->2907 2903->2901 2906 405141 SendMessageA SendMessageA SendMessageA 2904->2906 2904->2907 2905->2904 2906->2907 2907->2886 4044 402583 4045 402588 4044->4045 4046 40259c 4044->4046 4047 402aa9 17 API calls 4045->4047 4048 402acb 17 API calls 4046->4048 4049 402591 4047->4049 4050 4025a3 lstrlenA 4048->4050 4051 405be0 WriteFile 4049->4051 4052 4025c5 4049->4052 4050->4049 4051->4052 2908 405205 2909 4053b0 2908->2909 2910 405227 GetDlgItem GetDlgItem GetDlgItem 2908->2910 2911 4053e0 2909->2911 2912 4053b8 GetDlgItem CreateThread FindCloseChangeNotification 2909->2912 2954 404074 SendMessageA 2910->2954 2915 40540e 2911->2915 2916 4053f6 ShowWindow ShowWindow 2911->2916 2917 40542f 2911->2917 2912->2911 2977 405199 OleInitialize 2912->2977 2914 405297 2920 40529e GetClientRect GetSystemMetrics SendMessageA SendMessageA 2914->2920 2918 405416 2915->2918 2919 405469 2915->2919 2959 404074 SendMessageA 
2916->2959 2963 4040a6 2917->2963 2922 405442 ShowWindow 2918->2922 2923 40541e 2918->2923 2919->2917 2927 405476 SendMessageA 2919->2927 2925 4052f0 SendMessageA SendMessageA 2920->2925 2926 40530c 2920->2926 2929 405462 2922->2929 2930 405454 2922->2930 2960 404018 2923->2960 2925->2926 2932 405311 SendMessageA 2926->2932 2933 40531f 2926->2933 2934 40543b 2927->2934 2935 40548f CreatePopupMenu 2927->2935 2931 404018 SendMessageA 2929->2931 2936 4050c7 24 API calls 2930->2936 2931->2919 2932->2933 2955 40403f 2933->2955 2937 405fc2 17 API calls 2935->2937 2936->2929 2939 40549f AppendMenuA 2937->2939 2941 4054d0 TrackPopupMenu 2939->2941 2942 4054bd GetWindowRect 2939->2942 2940 40532f 2943 405338 ShowWindow 2940->2943 2944 40536c GetDlgItem SendMessageA 2940->2944 2941->2934 2945 4054ec 2941->2945 2942->2941 2946 40535b 2943->2946 2947 40534e ShowWindow 2943->2947 2944->2934 2948 405393 SendMessageA SendMessageA 2944->2948 2949 40550b SendMessageA 2945->2949 2958 404074 SendMessageA 2946->2958 2947->2946 2948->2934 2949->2949 2950 405528 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 2949->2950 2952 40554a SendMessageA 2950->2952 2952->2952 2953 40556c GlobalUnlock SetClipboardData CloseClipboard 2952->2953 2953->2934 2954->2914 2956 405fc2 17 API calls 2955->2956 2957 40404a SetDlgItemTextA 2956->2957 2957->2940 2958->2944 2959->2915 2961 404025 SendMessageA 2960->2961 2962 40401f 2960->2962 2961->2917 2962->2961 2964 404169 2963->2964 2965 4040be GetWindowLongA 2963->2965 2964->2934 2965->2964 2966 4040d3 2965->2966 2966->2964 2967 404100 GetSysColor 2966->2967 2968 404103 2966->2968 2967->2968 2969 404113 SetBkMode 2968->2969 2970 404109 SetTextColor 2968->2970 2971 404131 2969->2971 2972 40412b GetSysColor 2969->2972 2970->2969 2973 404138 SetBkColor 2971->2973 2974 404142 2971->2974 2972->2971 2973->2974 2974->2964 2975 404155 DeleteObject 2974->2975 2976 40415c CreateBrushIndirect 2974->2976 2975->2976 2976->2964 2984 40408b 2977->2984 2979 4051bc 
2983 4051e3 2979->2983 2987 401389 2979->2987 2980 40408b SendMessageA 2981 4051f5 OleUninitialize 2980->2981 2983->2980 2985 4040a3 2984->2985 2986 404094 SendMessageA 2984->2986 2985->2979 2986->2985 2989 401390 2987->2989 2988 4013fe 2988->2979 2989->2988 2990 4013cb MulDiv SendMessageA 2989->2990 2990->2989 4053 402688 4054 402904 4053->4054 4055 40268f 4053->4055 4056 402aa9 17 API calls 4055->4056 4057 402696 4056->4057 4058 4026a5 SetFilePointer 4057->4058 4058->4054 4059 4026b5 4058->4059 4061 405efe wsprintfA 4059->4061 4061->4054 3001 401c0a 3023 402aa9 3001->3023 3003 401c11 3004 402aa9 17 API calls 3003->3004 3005 401c1e 3004->3005 3006 401c33 3005->3006 3007 402acb 17 API calls 3005->3007 3008 402acb 17 API calls 3006->3008 3012 401c43 3006->3012 3007->3006 3008->3012 3009 401c9a 3011 402acb 17 API calls 3009->3011 3010 401c4e 3013 402aa9 17 API calls 3010->3013 3014 401c9f 3011->3014 3012->3009 3012->3010 3015 401c53 3013->3015 3017 402acb 17 API calls 3014->3017 3016 402aa9 17 API calls 3015->3016 3018 401c5f 3016->3018 3019 401ca8 FindWindowExA 3017->3019 3020 401c8a SendMessageA 3018->3020 3021 401c6c SendMessageTimeoutA 3018->3021 3022 401cc6 3019->3022 3020->3022 3021->3022 3024 405fc2 17 API calls 3023->3024 3025 402abe 3024->3025 3025->3003 4062 40448a 4063 4044c0 4062->4063 4064 40449a 4062->4064 4066 4040a6 8 API calls 4063->4066 4065 40403f 18 API calls 4064->4065 4067 4044a7 SetDlgItemTextA 4065->4067 4068 4044cc 4066->4068 4067->4063 3132 40320c SetErrorMode GetVersion 3133 40324d 3132->3133 3134 403253 3132->3134 3135 406338 5 API calls 3133->3135 3222 4062ca GetSystemDirectoryA 3134->3222 3135->3134 3137 403269 lstrlenA 3137->3134 3138 403278 3137->3138 3225 406338 GetModuleHandleA 3138->3225 3141 406338 5 API calls 3142 403286 3141->3142 3143 406338 5 API calls 3142->3143 3144 403292 #17 OleInitialize SHGetFileInfoA 3143->3144 3231 405fa0 lstrcpynA 3144->3231 3147 4032de GetCommandLineA 3232 405fa0 lstrcpynA 3147->3232 3149 4032f0 3150 
405963 CharNextA 3149->3150 3151 403319 CharNextA 3150->3151 3157 403329 3151->3157 3152 4033f3 3153 403406 GetTempPathA 3152->3153 3233 4031db 3153->3233 3155 40341e 3158 403422 GetWindowsDirectoryA lstrcatA 3155->3158 3159 403478 DeleteFileA 3155->3159 3156 405963 CharNextA 3156->3157 3157->3152 3157->3156 3162 4033f5 3157->3162 3161 4031db 12 API calls 3158->3161 3243 402d63 GetTickCount GetModuleFileNameA 3159->3243 3164 40343e 3161->3164 3327 405fa0 lstrcpynA 3162->3327 3163 40348c 3165 403526 ExitProcess OleUninitialize 3163->3165 3169 403512 3163->3169 3174 405963 CharNextA 3163->3174 3164->3159 3167 403442 GetTempPathA lstrcatA SetEnvironmentVariableA SetEnvironmentVariableA 3164->3167 3170 40365a 3165->3170 3171 40353c 3165->3171 3168 4031db 12 API calls 3167->3168 3172 403470 3168->3172 3271 4037ce 3169->3271 3176 403662 GetCurrentProcess OpenProcessToken 3170->3176 3177 4036dc ExitProcess 3170->3177 3175 4056bc MessageBoxIndirectA 3171->3175 3172->3159 3172->3165 3179 4034a7 3174->3179 3181 40354a ExitProcess 3175->3181 3182 4036ad 3176->3182 3183 40367d LookupPrivilegeValueA AdjustTokenPrivileges 3176->3183 3178 403522 3178->3165 3186 403552 3179->3186 3187 4034ed 3179->3187 3184 406338 5 API calls 3182->3184 3183->3182 3185 4036b4 3184->3185 3188 4036c9 ExitWindowsEx 3185->3188 3191 4036d5 3185->3191 3344 405627 3186->3344 3328 405a26 3187->3328 3188->3177 3188->3191 3194 40140b 2 API calls 3191->3194 3194->3177 3195 403573 lstrcatA lstrcmpiA 3195->3165 3198 40358f 3195->3198 3196 403568 lstrcatA 3196->3195 3200 403594 3198->3200 3201 40359b 3198->3201 3199 403507 3343 405fa0 lstrcpynA 3199->3343 3347 40558d CreateDirectoryA 3200->3347 3352 40560a CreateDirectoryA 3201->3352 3206 4035a0 SetCurrentDirectoryA 3207 4035ba 3206->3207 3208 4035af 3206->3208 3356 405fa0 lstrcpynA 3207->3356 3355 405fa0 lstrcpynA 3208->3355 3211 405fc2 17 API calls 3212 4035f9 DeleteFileA 3211->3212 3213 403606 CopyFileA 3212->3213 3219 4035c8 3212->3219 3213->3219 3214 
40364e 3216 405d7f 36 API calls 3214->3216 3217 403655 3216->3217 3217->3165 3218 405fc2 17 API calls 3218->3219 3219->3211 3219->3214 3219->3218 3221 40363a CloseHandle 3219->3221 3357 405d7f MoveFileExA 3219->3357 3361 40563f CreateProcessA 3219->3361 3221->3219 3223 4062ec wsprintfA LoadLibraryExA 3222->3223 3223->3137 3226 406354 3225->3226 3227 40635e GetProcAddress 3225->3227 3228 4062ca 3 API calls 3226->3228 3229 40327f 3227->3229 3230 40635a 3228->3230 3229->3141 3230->3227 3230->3229 3231->3147 3232->3149 3234 40620a 5 API calls 3233->3234 3236 4031e7 3234->3236 3235 4031f1 3235->3155 3236->3235 3364 405938 lstrlenA CharPrevA 3236->3364 3239 40560a 2 API calls 3240 4031ff 3239->3240 3241 405b68 2 API calls 3240->3241 3242 40320a 3241->3242 3242->3155 3367 405b39 GetFileAttributesA CreateFileA 3243->3367 3245 402da3 3246 402db3 3245->3246 3368 405fa0 lstrcpynA 3245->3368 3246->3163 3248 402dc9 3369 40597f lstrlenA 3248->3369 3252 402dda GetFileSize 3267 402ed6 3252->3267 3270 402df1 3252->3270 3254 402edf 3254->3246 3256 402f0f GlobalAlloc 3254->3256 3409 4031c4 SetFilePointer 3254->3409 3385 4031c4 SetFilePointer 3256->3385 3258 402f42 3262 402cff 6 API calls 3258->3262 3260 402ef8 3263 4031ae ReadFile 3260->3263 3261 402f2a 3386 402f9c 3261->3386 3262->3246 3265 402f03 3263->3265 3265->3246 3265->3256 3266 402cff 6 API calls 3266->3270 3374 402cff 3267->3374 3268 402f36 3268->3246 3268->3268 3269 402f73 SetFilePointer 3268->3269 3269->3246 3270->3246 3270->3258 3270->3266 3270->3267 3406 4031ae 3270->3406 3272 406338 5 API calls 3271->3272 3273 4037e2 3272->3273 3274 4037e8 3273->3274 3275 4037fa 3273->3275 3427 405efe wsprintfA 3274->3427 3276 405e87 3 API calls 3275->3276 3277 403825 3276->3277 3279 403843 lstrcatA 3277->3279 3281 405e87 3 API calls 3277->3281 3280 4037f8 3279->3280 3419 403a93 3280->3419 3281->3279 3284 405a26 18 API calls 3285 403875 3284->3285 3286 4038fe 3285->3286 3288 405e87 3 API calls 3285->3288 3287 405a26 18 API calls 
3286->3287 3289 403904 3287->3289 3290 4038a1 3288->3290 3291 403914 LoadImageA 3289->3291 3292 405fc2 17 API calls 3289->3292 3290->3286 3295 4038bd lstrlenA 3290->3295 3298 405963 CharNextA 3290->3298 3293 4039ba 3291->3293 3294 40393b RegisterClassA 3291->3294 3292->3291 3297 40140b 2 API calls 3293->3297 3296 403971 SystemParametersInfoA CreateWindowExA 3294->3296 3326 4039c4 3294->3326 3299 4038f1 3295->3299 3300 4038cb lstrcmpiA 3295->3300 3296->3293 3301 4039c0 3297->3301 3302 4038bb 3298->3302 3304 405938 3 API calls 3299->3304 3300->3299 3303 4038db GetFileAttributesA 3300->3303 3306 403a93 18 API calls 3301->3306 3301->3326 3302->3295 3305 4038e7 3303->3305 3307 4038f7 3304->3307 3305->3299 3309 40597f 2 API calls 3305->3309 3310 4039d1 3306->3310 3428 405fa0 lstrcpynA 3307->3428 3309->3299 3311 403a60 3310->3311 3312 4039dd ShowWindow 3310->3312 3314 405199 5 API calls 3311->3314 3313 4062ca 3 API calls 3312->3313 3315 4039f5 3313->3315 3316 403a66 3314->3316 3317 403a03 GetClassInfoA 3315->3317 3320 4062ca 3 API calls 3315->3320 3318 403a82 3316->3318 3319 403a6a 3316->3319 3322 403a17 GetClassInfoA RegisterClassA 3317->3322 3323 403a2d DialogBoxParamA 3317->3323 3321 40140b 2 API calls 3318->3321 3324 40140b 2 API calls 3319->3324 3319->3326 3320->3317 3321->3326 3322->3323 3325 40140b 2 API calls 3323->3325 3324->3326 3325->3326 3326->3178 3327->3153 3430 405fa0 lstrcpynA 3328->3430 3330 405a37 3431 4059d1 CharNextA CharNextA 3330->3431 3333 4034f8 3333->3165 3342 405fa0 lstrcpynA 3333->3342 3334 40620a 5 API calls 3335 405a4d 3334->3335 3335->3333 3336 405a78 lstrlenA 3335->3336 3339 4062a3 2 API calls 3335->3339 3341 40597f 2 API calls 3335->3341 3336->3335 3337 405a83 3336->3337 3338 405938 3 API calls 3337->3338 3340 405a88 GetFileAttributesA 3338->3340 3339->3335 3340->3333 3341->3336 3342->3199 3343->3169 3345 406338 5 API calls 3344->3345 3346 403557 lstrcatA 3345->3346 3346->3195 3346->3196 3348 403599 3347->3348 3349 4055de GetLastError 
3347->3349 3348->3206 3349->3348 3350 4055ed SetFileSecurityA 3349->3350 3350->3348 3351 405603 GetLastError 3350->3351 3351->3348 3353 40561a 3352->3353 3354 40561e GetLastError 3352->3354 3353->3206 3354->3353 3355->3207 3356->3219 3358 405da0 3357->3358 3359 405d93 3357->3359 3358->3219 3437 405c0f 3359->3437 3362 405672 CloseHandle 3361->3362 3363 40567e 3361->3363 3362->3363 3363->3219 3365 405952 lstrcatA 3364->3365 3366 4031f9 3364->3366 3365->3366 3366->3239 3367->3245 3368->3248 3370 40598c 3369->3370 3371 405991 CharPrevA 3370->3371 3372 402dcf 3370->3372 3371->3370 3371->3372 3373 405fa0 lstrcpynA 3372->3373 3373->3252 3375 402d20 3374->3375 3376 402d08 3374->3376 3377 402d30 GetTickCount 3375->3377 3378 402d28 3375->3378 3379 402d11 DestroyWindow 3376->3379 3380 402d18 3376->3380 3382 402d61 3377->3382 3383 402d3e CreateDialogParamA ShowWindow 3377->3383 3410 406374 3378->3410 3379->3380 3380->3254 3382->3254 3383->3382 3385->3261 3388 402fb2 3386->3388 3387 402fe0 3390 4031ae ReadFile 3387->3390 3388->3387 3416 4031c4 SetFilePointer 3388->3416 3391 402feb 3390->3391 3392 403147 3391->3392 3393 402ffd GetTickCount 3391->3393 3395 403131 3391->3395 3394 403189 3392->3394 3399 40314b 3392->3399 3393->3395 3402 40304c 3393->3402 3397 4031ae ReadFile 3394->3397 3395->3268 3396 4031ae ReadFile 3396->3402 3397->3395 3398 4031ae ReadFile 3398->3399 3399->3395 3399->3398 3400 405be0 WriteFile 3399->3400 3400->3399 3401 4030a2 GetTickCount 3401->3402 3402->3395 3402->3396 3402->3401 3403 4030c7 MulDiv wsprintfA 3402->3403 3414 405be0 WriteFile 3402->3414 3404 4050c7 24 API calls 3403->3404 3404->3402 3417 405bb1 ReadFile 3406->3417 3409->3260 3411 406391 PeekMessageA 3410->3411 3412 402d2e 3411->3412 3413 406387 DispatchMessageA 3411->3413 3412->3254 3413->3411 3415 405bfe 3414->3415 3415->3402 3416->3387 3418 4031c1 3417->3418 3418->3270 3420 403aa7 3419->3420 3429 405efe wsprintfA 3420->3429 3422 403b18 3423 403b4c 18 API calls 3422->3423 3425 403b1d 
3423->3425 3424 403853 3424->3284 3425->3424 3426 405fc2 17 API calls 3425->3426 3426->3425 3427->3280 3428->3286 3429->3422 3430->3330 3432 4059ec 3431->3432 3436 4059fc 3431->3436 3434 4059f7 CharNextA 3432->3434 3432->3436 3433 405a1c 3433->3333 3433->3334 3434->3433 3435 405963 CharNextA 3435->3436 3436->3433 3436->3435 3438 405c35 3437->3438 3439 405c5b GetShortPathNameA 3437->3439 3464 405b39 GetFileAttributesA CreateFileA 3438->3464 3440 405c70 3439->3440 3441 405d7a 3439->3441 3440->3441 3443 405c78 wsprintfA 3440->3443 3441->3358 3446 405fc2 17 API calls 3443->3446 3444 405c3f CloseHandle GetShortPathNameA 3444->3441 3445 405c53 3444->3445 3445->3439 3445->3441 3447 405ca0 3446->3447 3465 405b39 GetFileAttributesA CreateFileA 3447->3465 3449 405cad 3449->3441 3450 405cbc GetFileSize GlobalAlloc 3449->3450 3451 405d73 CloseHandle 3450->3451 3452 405cde 3450->3452 3451->3441 3453 405bb1 ReadFile 3452->3453 3454 405ce6 3453->3454 3454->3451 3466 405a9e lstrlenA 3454->3466 3457 405d11 3459 405a9e 4 API calls 3457->3459 3458 405cfd lstrcpyA 3460 405d1f 3458->3460 3459->3460 3461 405d56 SetFilePointer 3460->3461 3462 405be0 WriteFile 3461->3462 3463 405d6c GlobalFree 3462->3463 3463->3451 3464->3444 3465->3449 3467 405adf lstrlenA 3466->3467 3468 405ab8 lstrcmpiA 3467->3468 3469 405ae7 3467->3469 3468->3469 3470 405ad6 CharNextA 3468->3470 3469->3457 3469->3458 3470->3467 4069 40378c 4070 403797 4069->4070 4071 40379b 4070->4071 4072 40379e GlobalAlloc 4070->4072 4072->4071 4073 401490 4074 4050c7 24 API calls 4073->4074 4075 401497 4074->4075 4076 401d9b GetDC 4077 402aa9 17 API calls 4076->4077 4078 401dad GetDeviceCaps MulDiv ReleaseDC 4077->4078 4079 402aa9 17 API calls 4078->4079 4080 401dde 4079->4080 4081 405fc2 17 API calls 4080->4081 4082 401e1b CreateFontIndirectA 4081->4082 4083 40257d 4082->4083 4084 40149d 4085 4014ab PostQuitMessage 4084->4085 4086 4022e7 4084->4086 4085->4086 4087 40159d 4088 402acb 17 API calls 4087->4088 4089 4015a4 

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                [Control-flow graph 0, entry block 40320c-40324b (SetErrorMode, GetVersion); node and edge list omitted]
                                                                                APIs
                                                                                • SetErrorMode.KERNELBASE ref: 00403231
                                                                                • GetVersion.KERNEL32 ref: 00403237
                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040326A
                                                                                • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004032A6
                                                                                • OleInitialize.OLE32(00000000), ref: 004032AD
                                                                                • SHGetFileInfoA.SHELL32(00434030,00000000,?,00000160,00000000,?,00000006,00000008,0000000A), ref: 004032C9
                                                                                • GetCommandLineA.KERNEL32(0044E400,NSIS Error,?,00000006,00000008,0000000A), ref: 004032DE
                                                                                • CharNextA.USER32(00000000,0047B000,00000020,0047B000,00000000,?,00000006,00000008,0000000A), ref: 0040331A
                                                                                • GetTempPathA.KERNELBASE(00002000,00485000,00000000,00000020,?,00000006,00000008,0000000A), ref: 00403417
                                                                                • GetWindowsDirectoryA.KERNEL32(00485000,00001FFB,?,00000006,00000008,0000000A), ref: 00403428
                                                                                • lstrcatA.KERNEL32(00485000,\Temp,?,00000006,00000008,0000000A), ref: 00403434
                                                                                • GetTempPathA.KERNEL32(00001FFC,00485000,00485000,\Temp,?,00000006,00000008,0000000A), ref: 00403448
                                                                                • lstrcatA.KERNEL32(00485000,Low,?,00000006,00000008,0000000A), ref: 00403450
                                                                                • SetEnvironmentVariableA.KERNEL32(TEMP,00485000,00485000,Low,?,00000006,00000008,0000000A), ref: 00403461
                                                                                • SetEnvironmentVariableA.KERNEL32(TMP,00485000,?,00000006,00000008,0000000A), ref: 00403469
                                                                                • DeleteFileA.KERNELBASE(00483000,?,00000006,00000008,0000000A), ref: 0040347D
                                                                                  • Part of subcall function 00406338: GetModuleHandleA.KERNEL32(?,?,?,0040327F,0000000A), ref: 0040634A
                                                                                  • Part of subcall function 00406338: GetProcAddress.KERNEL32(00000000,?), ref: 00406365
                                                                                  • Part of subcall function 004037CE: lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,0047D000,00483000,0043C070,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C070,00000000,00000002,74DF3410), ref: 004038BE
                                                                                  • Part of subcall function 004037CE: lstrcmpiA.KERNEL32(?,.exe), ref: 004038D1
                                                                                  • Part of subcall function 004037CE: GetFileAttributesA.KERNEL32(Remove folder: ), ref: 004038DC
                                                                                  • Part of subcall function 004037CE: LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,0047D000), ref: 00403925
                                                                                  • Part of subcall function 004037CE: RegisterClassA.USER32(0044E3A0), ref: 00403962
                                                                                • ExitProcess.KERNEL32(?,?,00000006,00000008,0000000A), ref: 00403526
                                                                                  • Part of subcall function 004036F4: CloseHandle.KERNEL32(FFFFFFFF,0040352B,?,?,00000006,00000008,0000000A), ref: 004036FF
                                                                                • OleUninitialize.OLE32(?,?,00000006,00000008,0000000A), ref: 0040352B
                                                                                • ExitProcess.KERNEL32 ref: 0040354C
                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000006,00000008,0000000A), ref: 00403669
                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403670
                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403688
                                                                                • AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004036A7
                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 004036CB
                                                                                • ExitProcess.KERNEL32 ref: 004036EE
                                                                                  • Part of subcall function 004056BC: MessageBoxIndirectA.USER32(0040A218), ref: 00405717
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Process$Exit$File$EnvironmentHandlePathTempTokenVariableWindowslstrcatlstrlen$AddressAdjustAttributesCharClassCloseCommandCurrentDeleteDirectoryErrorImageIndirectInfoInitializeLineLoadLookupMessageModeModuleNextOpenPrivilegePrivilegesProcRegisterUninitializeValueVersionlstrcmpi
                                                                                • String ID: "$.tmp$0 C$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`Kt$~nsu
                                                                                • API String ID: 562314493-718682211
                                                                                • Opcode ID: 19d9ae6564521ff10ca6c44c5a733c1293471e642710be4a9d2b41dec4053a02
                                                                                • Instruction ID: d5c24e8c69225464c2db3592b0ad4ce52127ac0cc508638c6bb98776a2d2aa45
                                                                                • Opcode Fuzzy Hash: 19d9ae6564521ff10ca6c44c5a733c1293471e642710be4a9d2b41dec4053a02
                                                                                • Instruction Fuzzy Hash: A3C1D870504741AAD7216F759E89B2F3EACAF46706F04443FF581B61E2CB7C8A058B6E

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                [Control-flow graph 132, entry block 405205-405221; node and edge list omitted]
                                                                                APIs
                                                                                • GetDlgItem.USER32(?,00000403), ref: 00405264
                                                                                • GetDlgItem.USER32(?,000003EE), ref: 00405273
                                                                                • GetClientRect.USER32(?,?), ref: 004052B0
                                                                                • GetSystemMetrics.USER32(00000002), ref: 004052B7
                                                                                • SendMessageA.USER32(?,0000101B,00000000,?), ref: 004052D8
                                                                                • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004052E9
                                                                                • SendMessageA.USER32(?,00001001,00000000,?), ref: 004052FC
                                                                                • SendMessageA.USER32(?,00001026,00000000,?), ref: 0040530A
                                                                                • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040531D
                                                                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040533F
                                                                                • ShowWindow.USER32(?,00000008), ref: 00405353
                                                                                • GetDlgItem.USER32(?,000003EC), ref: 00405374
                                                                                • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405384
                                                                                • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040539D
                                                                                • SendMessageA.USER32(00000000,00002001,00000000,?), ref: 004053A9
                                                                                • GetDlgItem.USER32(?,000003F8), ref: 00405282
                                                                                  • Part of subcall function 00404074: SendMessageA.USER32(00000028,?,00000001,00403EA4), ref: 00404082
                                                                                • GetDlgItem.USER32(?,000003EC), ref: 004053C5
                                                                                • CreateThread.KERNELBASE(00000000,00000000,Function_00005199,00000000), ref: 004053D3
                                                                                • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004053DA
                                                                                • ShowWindow.USER32(00000000), ref: 004053FD
                                                                                • ShowWindow.USER32(?,00000008), ref: 00405404
                                                                                • ShowWindow.USER32(00000008), ref: 0040544A
                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040547E
                                                                                • CreatePopupMenu.USER32 ref: 0040548F
                                                                                • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 004054A4
                                                                                • GetWindowRect.USER32(?,000000FF), ref: 004054C4
                                                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004054DD
                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405519
                                                                                • OpenClipboard.USER32(00000000), ref: 00405529
                                                                                • EmptyClipboard.USER32 ref: 0040552F
                                                                                • GlobalAlloc.KERNEL32(00000042,?), ref: 00405538
                                                                                • GlobalLock.KERNEL32(00000000), ref: 00405542
                                                                                • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405556
                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 0040556F
                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 0040557A
                                                                                • CloseClipboard.USER32 ref: 00405580
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                • String ID:
                                                                                • API String ID: 4154960007-0
                                                                                • Opcode ID: dc9db1bb3042da1a1ed873bad6f0944ebfaf90529de2f46f5703e5cd34e1212a
                                                                                • Instruction ID: cb443ab1f87c712d4fb343c0872367a3fcca99d855a89080dff2c14af257ba1e
                                                                                • Opcode Fuzzy Hash: dc9db1bb3042da1a1ed873bad6f0944ebfaf90529de2f46f5703e5cd34e1212a
                                                                                • Instruction Fuzzy Hash: 21A17B71900608BFEB119FA1DE89EAE7B79FB08345F00403AFA41B61A1C7758E51DF68

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                [Control-flow graph 554, entry block 405768-40578e (call 405a26); node and edge list omitted]
                                                                                APIs
                                                                                • DeleteFileA.KERNELBASE(?,?,74DF3410,00485000,00000000), ref: 00405791
                                                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\*.*,\*.*,C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\*.*,?,?,74DF3410,00485000,00000000), ref: 004057D9
                                                                                • lstrcatA.KERNEL32(?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\*.*,?,?,74DF3410,00485000,00000000), ref: 004057FA
                                                                                • lstrlenA.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\*.*,?,?,74DF3410,00485000,00000000), ref: 00405800
                                                                                • FindFirstFileA.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\*.*,?,?,74DF3410,00485000,00000000), ref: 00405811
                                                                                • FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 004058BE
                                                                                • FindClose.KERNEL32(00000000), ref: 004058CF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\7z-out\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\*.*$\*.*
                                                                                APIs
                                                                                • FindFirstFileA.KERNELBASE(74DF3410,004480C0,C:\,00405A69,C:\,C:\,00000000,C:\,C:\,74DF3410,?,00485000,00405788,?,74DF3410,00485000), ref: 004062AE
                                                                                • FindClose.KERNELBASE(00000000), ref: 004062BA
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Find$CloseFileFirst
                                                                                • String ID: C:\

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403BA7
                                                                                • ShowWindow.USER32(?), ref: 00403BC4
                                                                                • DestroyWindow.USER32 ref: 00403BD8
                                                                                • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403BF4
                                                                                • GetDlgItem.USER32(?,?), ref: 00403C15
                                                                                • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C29
                                                                                • IsWindowEnabled.USER32(00000000), ref: 00403C30
                                                                                • GetDlgItem.USER32(?,00000001), ref: 00403CDE
                                                                                • GetDlgItem.USER32(?,00000002), ref: 00403CE8
                                                                                • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00403D02
                                                                                • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403D53
                                                                                • GetDlgItem.USER32(?,00000003), ref: 00403DF9
                                                                                • ShowWindow.USER32(00000000,?), ref: 00403E1A
                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E2C
                                                                                • EnableWindow.USER32(?,?), ref: 00403E47
                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E5D
                                                                                • EnableMenuItem.USER32(00000000), ref: 00403E64
                                                                                • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E7C
                                                                                • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E8F
                                                                                • lstrlenA.KERNEL32(0043C070,?,0043C070,00000000), ref: 00403EB9
                                                                                • SetWindowTextA.USER32(?,0043C070), ref: 00403EC8
                                                                                • ShowWindow.USER32(?,0000000A), ref: 00403FFC
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Window$Item$MessageSend$Show$CallbackDispatcherEnableMenuUser$DestroyEnabledLongSystemTextlstrlen

                                                                                Control-flow Graph

                                                                                APIs
                                                                                  • Part of subcall function 00406338: GetModuleHandleA.KERNEL32(?,?,?,0040327F,0000000A), ref: 0040634A
                                                                                  • Part of subcall function 00406338: GetProcAddress.KERNEL32(00000000,?), ref: 00406365
                                                                                • lstrcatA.KERNEL32(00483000,0043C070,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C070,00000000,00000002,74DF3410,00485000,0047B000,00000000), ref: 00403849
                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,0047D000,00483000,0043C070,80000001,Control Panel\Desktop\ResourceLocale,00000000,0043C070,00000000,00000002,74DF3410), ref: 004038BE
                                                                                • lstrcmpiA.KERNEL32(?,.exe), ref: 004038D1
                                                                                • GetFileAttributesA.KERNEL32(Remove folder: ), ref: 004038DC
                                                                                • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,0047D000), ref: 00403925
                                                                                  • Part of subcall function 00405EFE: wsprintfA.USER32 ref: 00405F0B
                                                                                • RegisterClassA.USER32(0044E3A0), ref: 00403962
                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040397A
                                                                                • CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004039AF
                                                                                • ShowWindow.USER32(00000005,00000000), ref: 004039E5
                                                                                • GetClassInfoA.USER32(00000000,RichEdit20A,0044E3A0), ref: 00403A11
                                                                                • GetClassInfoA.USER32(00000000,RichEdit,0044E3A0), ref: 00403A1E
                                                                                • RegisterClassA.USER32(0044E3A0), ref: 00403A27
                                                                                • DialogBoxParamA.USER32(?,00000000,00403B6B,00000000), ref: 00403A46
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb

                                                                                Control-flow Graph

                                                                                • Graph 362, first block 405fc2-405fcd (figure not reproduced)
                                                                                APIs
                                                                                • GetSystemDirectoryA.KERNEL32(Remove folder: ,00002000), ref: 004060ED
                                                                                • GetWindowsDirectoryA.KERNEL32(Remove folder: ,00002000,?,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,004050FF,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000), ref: 00406100
                                                                                • SHGetSpecialFolderLocation.SHELL32(004050FF,74DF23A0,?,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,004050FF,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000), ref: 0040613C
                                                                                • SHGetPathFromIDListA.SHELL32(74DF23A0,Remove folder: ), ref: 0040614A
                                                                                • CoTaskMemFree.OLE32(74DF23A0), ref: 00406156
                                                                                • lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040617A
                                                                                • lstrlenA.KERNEL32(Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,004050FF,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00000000,00422028,74DF23A0), ref: 004061CC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                • API String ID: 717251189-2879811719
                                                                                • Opcode ID: 822a315553691d0959fe1cf19c79311585cb2dd1ce76ac22f295ffb80e5f4c0b
                                                                                • Instruction ID: 7c2adf64d8328dff01df486c2e27b57e2c51f51cfd57b2d0b0521008d1caed3a
                                                                                • Opcode Fuzzy Hash: 822a315553691d0959fe1cf19c79311585cb2dd1ce76ac22f295ffb80e5f4c0b
                                                                                • Instruction Fuzzy Hash: 2061F675900205AFEB119F24CD84BBF7BA59B16314F12403FE503BA2D2C77C89A2CB5A

                                                                                Control-flow Graph

                                                                                • Graph 424, first block 402d63-402db1 (figure not reproduced)
                                                                                APIs
                                                                                • GetTickCount.KERNEL32 ref: 00402D74
                                                                                • GetModuleFileNameA.KERNEL32(00000000,00489000,00002000), ref: 00402D90
                                                                                  • Part of subcall function 00405B39: GetFileAttributesA.KERNELBASE(00000003,00402DA3,00489000,80000000,00000003), ref: 00405B3D
                                                                                  • Part of subcall function 00405B39: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B5F
                                                                                • GetFileSize.KERNEL32(00000000,00000000,0048B000,00000000,00481000,00481000,00489000,00489000,80000000,00000003), ref: 00402DDC
                                                                                Strings
                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402F3B
                                                                                • Null, xrefs: 00402E5A
                                                                                • Inst, xrefs: 00402E48
                                                                                • Error launching installer, xrefs: 00402DB3
                                                                                • soft, xrefs: 00402E51
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                • API String ID: 4283519449-1074636621
                                                                                • Opcode ID: f8e604f13ddaaec11f58daf98c7cc58da5ae01dfe025c9ac4b8039e2ba9f7a05
                                                                                • Instruction ID: 3cf286ad26c05deb68a266c39863f6b625e9839bc1dce875a95444cfa52a9705
                                                                                • Opcode Fuzzy Hash: f8e604f13ddaaec11f58daf98c7cc58da5ae01dfe025c9ac4b8039e2ba9f7a05
                                                                                • Instruction Fuzzy Hash: E551D171900215ABDB119F65DE89B9F7AB8EB05369F10403BF904B62D1C7BC9D408BAD

                                                                                Control-flow Graph

                                                                                • Graph 491, first block 402f9c-402fb0 (figure not reproduced)
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CountTick$wsprintf
                                                                                • String ID: ( B$( B$(A$(A$... %d%%
                                                                                • API String ID: 551687249-1613237036
                                                                                • Opcode ID: 342d87f3bf68deecb177d7018135bb7b71e2d571e5030e4911bfbc87acd37eb6
                                                                                • Instruction ID: eba0525db15093f61ee08b6c00ba5fdbd9f6e41697776a2ec06e61400ac9bd7a
                                                                                • Opcode Fuzzy Hash: 342d87f3bf68deecb177d7018135bb7b71e2d571e5030e4911bfbc87acd37eb6
                                                                                • Instruction Fuzzy Hash: 2A517E71901219ABDB10DF56DA0479E7BB8AF4875AF10413BE810BB2C1D778DB40CBA9

                                                                                Control-flow Graph

                                                                                • Graph 623, first block 401759-40177c (figure not reproduced)
                                                                                APIs
                                                                                • lstrcatA.KERNEL32(00000000,00000000,ExecShellAsUser,0047F000,00000000,00000000,00000031), ref: 00401798
                                                                                • CompareFileTime.KERNEL32(-00000014,?,ExecShellAsUser,ExecShellAsUser,00000000,00000000,ExecShellAsUser,0047F000,00000000,00000000,00000031), ref: 004017C2
                                                                                  • Part of subcall function 00405FA0: lstrcpynA.KERNEL32(?,?,00002000,004032DE,0044E400,NSIS Error,?,00000006,00000008,0000000A), ref: 00405FAD
                                                                                  • Part of subcall function 004050C7: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0,?,?,?,?,?,?,?,?,?,004030F7,00000000,?), ref: 00405100
                                                                                  • Part of subcall function 004050C7: lstrlenA.KERNEL32(004030F7,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0,?,?,?,?,?,?,?,?,?,004030F7,00000000), ref: 00405110
                                                                                  • Part of subcall function 004050C7: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,004030F7,004030F7,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0), ref: 00405123
                                                                                  • Part of subcall function 004050C7: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\), ref: 00405135
                                                                                  • Part of subcall function 004050C7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040515B
                                                                                  • Part of subcall function 004050C7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405175
                                                                                  • Part of subcall function 004050C7: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405183
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp$C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\StdUtils.dll$ExecShellAsUser
                                                                                • API String ID: 1941528284-4027959218
                                                                                • Opcode ID: d1bc28a5a42b1dbe04e2539b2cb95902de82cba6976b7ef9835eae16b92b2e17
                                                                                • Instruction ID: 96f3b1abcda028b22533463005ae4ed6ec9ac8348439948b24e876d516825338
                                                                                • Opcode Fuzzy Hash: d1bc28a5a42b1dbe04e2539b2cb95902de82cba6976b7ef9835eae16b92b2e17
                                                                                • Instruction Fuzzy Hash: 1141B671900615BACF107BA5CD45DAF3A79EF45369B60823FF421F20E2D77C8A418A6D

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 690 4062ca-4062ea GetSystemDirectoryA 691 4062ec 690->691 692 4062ee-4062f0 690->692 691->692 693 406300-406302 692->693 694 4062f2-4062fa 692->694 696 406303-406335 wsprintfA LoadLibraryExA 693->696 694->693 695 4062fc-4062fe 694->695 695->696
                                                                                APIs
                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004062E1
                                                                                • wsprintfA.USER32 ref: 0040631A
                                                                                • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040632E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                • String ID: %s%s.dll$UXTHEME$\
                                                                                • API String ID: 2200240437-4240819195
                                                                                • Opcode ID: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                • Instruction ID: 4b2e1b96e526c3afc1937c3159904a09e8452480974eeaf1dbd8ebd71d3b02b5
                                                                                • Opcode Fuzzy Hash: 99878a05f639d6717cee7e73d8174e66263622090e4b33b6bcde024c159c7dc8
                                                                                • Instruction Fuzzy Hash: 87F0F63050060AABEB14AB74DD0DFEB375CAB08305F14047AAA87E11C1EA78D9398B9C

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 697 401c0a-401c2a call 402aa9 * 2 702 401c36-401c3a 697->702 703 401c2c-401c33 call 402acb 697->703 705 401c46-401c4c 702->705 706 401c3c-401c43 call 402acb 702->706 703->702 709 401c9a-401cc0 call 402acb * 2 FindWindowExA 705->709 710 401c4e-401c6a call 402aa9 * 2 705->710 706->705 722 401cc6 709->722 720 401c8a-401c98 SendMessageA 710->720 721 401c6c-401c88 SendMessageTimeoutA 710->721 720->722 723 401cc9-401ccc 721->723 722->723 724 401cd2 723->724 725 402957-402966 723->725 724->725
                                                                                APIs
                                                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C7A
                                                                                • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C92
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend$Timeout
                                                                                • String ID: !
                                                                                • API String ID: 1777923405-2657877971
                                                                                • Opcode ID: b497a5e5830524a78c3b1dc5bcd9d1dec719188b70264decbce2c5befc7e4cb3
                                                                                • Instruction ID: 2ba5304c1a7bae2d5eac8bf435d3177e819ffae85e7f6e151422e65e61bc6dac
                                                                                • Opcode Fuzzy Hash: b497a5e5830524a78c3b1dc5bcd9d1dec719188b70264decbce2c5befc7e4cb3
                                                                                • Instruction Fuzzy Hash: 92219171E44209BEEB15DFA5D986AAD7BB4EF84304F24843EF501B61D0CB7885408F28

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 728 4023d6-402407 call 402acb * 2 call 402b5b 735 402957-402966 728->735 736 40240d-402417 728->736 737 402427-40242a 736->737 738 402419-402426 call 402acb lstrlenA 736->738 740 40242c-40243d call 402aa9 737->740 741 40243e-402441 737->741 738->737 740->741 745 402452-402466 RegSetValueExA 741->745 746 402443-40244d call 402f9c 741->746 750 402468 745->750 751 40246b-402548 RegCloseKey 745->751 746->745 750->751 751->735 753 40271c-402723 751->753 753->735
                                                                                APIs
                                                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsi71EB.tmp,00000023,00000011,00000002), ref: 00402421
                                                                                • RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsi71EB.tmp,00000000,00000011,00000002), ref: 0040245E
                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsi71EB.tmp,00000000,00000011,00000002), ref: 00402542
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CloseValuelstrlen
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp
                                                                                • API String ID: 2655323295-1412228213
                                                                                • Opcode ID: 89191b3c74185597823c63b96631895be5d91288e44303a49c20697d39e5a080
                                                                                • Instruction ID: 4c89e87aedaa5372dc267e27c604b307b221bfd6f664262a5d927997ae6a1bde
                                                                                • Opcode Fuzzy Hash: 89191b3c74185597823c63b96631895be5d91288e44303a49c20697d39e5a080
                                                                                • Instruction Fuzzy Hash: D011D371E00215BEEF00EFA5DE49AAEBA74EB44318F20843BF504F71D1C6B94D419B68

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 754 402003-40200f 755 402015-40202b call 402acb * 2 754->755 756 4020ca-4020cc 754->756 766 40203a-402048 LoadLibraryExA 755->766 767 40202d-402038 GetModuleHandleA 755->767 758 40223d-402242 call 401423 756->758 763 402957-402966 758->763 764 40271c-402723 758->764 764->763 769 40204a-402057 GetProcAddress 766->769 770 4020c3-4020c5 766->770 767->766 767->769 772 402096-40209b call 4050c7 769->772 773 402059-40205f 769->773 770->758 777 4020a0-4020a3 772->777 775 402061-40206d call 401423 773->775 776 402078-40208c 773->776 775->777 785 40206f-402076 775->785 779 402091-402094 776->779 777->763 780 4020a9-4020b1 call 40376e 777->780 779->777 780->763 786 4020b7-4020be FreeLibrary 780->786 785->777 786->763
                                                                                APIs
                                                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 0040202E
                                                                                  • Part of subcall function 004050C7: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0,?,?,?,?,?,?,?,?,?,004030F7,00000000,?), ref: 00405100
                                                                                  • Part of subcall function 004050C7: lstrlenA.KERNEL32(004030F7,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0,?,?,?,?,?,?,?,?,?,004030F7,00000000), ref: 00405110
                                                                                  • Part of subcall function 004050C7: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,004030F7,004030F7,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0), ref: 00405123
                                                                                  • Part of subcall function 004050C7: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\), ref: 00405135
                                                                                  • Part of subcall function 004050C7: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040515B
                                                                                  • Part of subcall function 004050C7: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405175
                                                                                  • Part of subcall function 004050C7: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405183
                                                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040203E
                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 0040204E
                                                                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 004020B8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                • String ID:
                                                                                • API String ID: 2987980305-0
                                                                                • Opcode ID: 6af1e7eb7492141e71dde090e7896947b62a3459544a7b43b51ee23b6ebd047d
                                                                                • Instruction ID: 925a26e0c59fcdbf3a92d1332ba84001e2e342ce267d8cdd70d9c1fb8e3a0ef4
                                                                                • Opcode Fuzzy Hash: 6af1e7eb7492141e71dde090e7896947b62a3459544a7b43b51ee23b6ebd047d
                                                                                • Instruction Fuzzy Hash: 0621C971A00215B7CF207FA48F4DBAE7A616B51359F20413BE611B21D0DBBD4942D66E

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 787 40558d-4055d8 CreateDirectoryA 788 4055da-4055dc 787->788 789 4055de-4055eb GetLastError 787->789 790 405605-405607 788->790 789->790 791 4055ed-405601 SetFileSecurityA 789->791 791->788 792 405603 GetLastError 791->792 792->790
                                                                                APIs
                                                                                • CreateDirectoryA.KERNELBASE(?,?,00485000), ref: 004055D0
                                                                                • GetLastError.KERNEL32 ref: 004055E4
                                                                                • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004055F9
                                                                                • GetLastError.KERNEL32 ref: 00405603
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                • String ID:
                                                                                • API String ID: 3449924974-0

                                                                                Control-flow Graph

                                                                                control_flow_graph 793 405a26-405a41 call 405fa0 call 4059d1 798 405a43-405a45 793->798 799 405a47-405a54 call 40620a 793->799 800 405a99-405a9b 798->800 803 405a60-405a62 799->803 804 405a56-405a5a 799->804 806 405a78-405a81 lstrlenA 803->806 804->798 805 405a5c-405a5e 804->805 805->798 805->803 807 405a83-405a97 call 405938 GetFileAttributesA 806->807 808 405a64-405a6b call 4062a3 806->808 807->800 813 405a72-405a73 call 40597f 808->813 814 405a6d-405a70 808->814 813->806 814->798 814->813
                                                                                APIs
                                                                                  • Part of subcall function 00405FA0: lstrcpynA.KERNEL32(?,?,00002000,004032DE,0044E400,NSIS Error,?,00000006,00000008,0000000A), ref: 00405FAD
                                                                                  • Part of subcall function 004059D1: CharNextA.USER32(?,?,C:\,?,00405A3D,C:\,C:\,74DF3410,?,00485000,00405788,?,74DF3410,00485000,00000000), ref: 004059DF
                                                                                  • Part of subcall function 004059D1: CharNextA.USER32(00000000), ref: 004059E4
                                                                                  • Part of subcall function 004059D1: CharNextA.USER32(00000000), ref: 004059F8
                                                                                • lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,74DF3410,?,00485000,00405788,?,74DF3410,00485000,00000000), ref: 00405A79
                                                                                • GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3410,?,00485000,00405788,?,74DF3410,00485000), ref: 00405A89
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                • String ID: C:\
                                                                                • API String ID: 3248276644-3404278061
                                                                                APIs
                                                                                • GetTickCount.KERNEL32 ref: 00405B7C
                                                                                • GetTempFileNameA.KERNELBASE(?,?,00000000,?,?,00000006,00000008,0000000A), ref: 00405B96
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CountFileNameTempTick
                                                                                • String ID: nsa
                                                                                • API String ID: 1716503409-2209301699
                                                                                APIs
                                                                                • GlobalFree.KERNELBASE(00777F48), ref: 00401BD2
                                                                                • GlobalAlloc.KERNEL32(00000040,00002004), ref: 00401BE4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Global$AllocFree
                                                                                • String ID: ExecShellAsUser
                                                                                • API String ID: 3394109436-869331269
                                                                                APIs
                                                                                  • Part of subcall function 004062A3: FindFirstFileA.KERNELBASE(74DF3410,004480C0,C:\,00405A69,C:\,C:\,00000000,C:\,C:\,74DF3410,?,00485000,00405788,?,74DF3410,00485000), ref: 004062AE
                                                                                  • Part of subcall function 004062A3: FindClose.KERNELBASE(00000000), ref: 004062BA
                                                                                • lstrlenA.KERNEL32 ref: 0040228B
                                                                                • lstrlenA.KERNEL32(00000000), ref: 00402295
                                                                                • SHFileOperationA.SHELL32(?,?,?,00000000), ref: 004022BD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                • String ID:
                                                                                • API String ID: 1486964399-0
                                                                                APIs
                                                                                  • Part of subcall function 00405B14: GetFileAttributesA.KERNELBASE(?,?,0040572C,?,?,00000000,0040590F,?,?,?,?), ref: 00405B19
                                                                                  • Part of subcall function 00405B14: SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B2D
                                                                                • RemoveDirectoryA.KERNELBASE(?,?,?,00000000,0040590F), ref: 0040573B
                                                                                • DeleteFileA.KERNELBASE(?,?,?,00000000,0040590F), ref: 00405743
                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040575B
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                • String ID:
                                                                                • API String ID: 1655745494-0
                                                                                APIs
                                                                                  • Part of subcall function 004059D1: CharNextA.USER32(?,?,C:\,?,00405A3D,C:\,C:\,74DF3410,?,00485000,00405788,?,74DF3410,00485000,00000000), ref: 004059DF
                                                                                  • Part of subcall function 004059D1: CharNextA.USER32(00000000), ref: 004059E4
                                                                                  • Part of subcall function 004059D1: CharNextA.USER32(00000000), ref: 004059F8
                                                                                • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 0040160D
                                                                                  • Part of subcall function 0040558D: CreateDirectoryA.KERNELBASE(?,?,00485000), ref: 004055D0
                                                                                • SetCurrentDirectoryA.KERNELBASE(00000000,0047F000,00000000,00000000,000000F0), ref: 0040163C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                • String ID:
                                                                                • API String ID: 1892508949-0
                                                                                • Opcode ID: 063cade49b44451d63862b0b4acccae64b1b18f7fe3bcddbb7de98dadaaffedf
                                                                                • Instruction ID: 4061ca9d70ae00be9bb4ad17465cac8f9754b7470a883fc3f2c2ead3154265c3
                                                                                • Opcode Fuzzy Hash: 063cade49b44451d63862b0b4acccae64b1b18f7fe3bcddbb7de98dadaaffedf
                                                                                • Instruction Fuzzy Hash: F0112731608152EBCF217BB54D419BF66B0DA92324B28093FE5D1B22E3D63D49429A3F
                                                                                APIs
                                                                                • RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024A3
                                                                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsi71EB.tmp,00000000,00000011,00000002), ref: 00402542
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CloseQueryValue
                                                                                • String ID:
                                                                                • API String ID: 3356406503-0
                                                                                • Opcode ID: 54b3be57d36ca7f0d44e05a6551a7de4bb5a3a832c5f241bf52507b427e6b0ed
                                                                                • Instruction ID: 77493b7c1caf9c0e8479f6492169629c84c06238e2a5328c90670a3d76b39679
                                                                                • Opcode Fuzzy Hash: 54b3be57d36ca7f0d44e05a6551a7de4bb5a3a832c5f241bf52507b427e6b0ed
                                                                                • Instruction Fuzzy Hash: BB11A371A01205FFDB15CF64DA9C9AEBBB49F11348F20843FE445B72C0D6B88A85DB69
                                                                                APIs
                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                • Opcode ID: 441e51a43d6905f91ce896fdb50f7f3e8ce2eecf8d4abbdd503ecf7d62571e05
                                                                                • Instruction ID: 4cce14bbfac51e86deb9fb7f4f48f49e8063224b6fb315ffcb1e2fade37cb0f9
                                                                                • Opcode Fuzzy Hash: 441e51a43d6905f91ce896fdb50f7f3e8ce2eecf8d4abbdd503ecf7d62571e05
                                                                                • Instruction Fuzzy Hash: 1201FF316242209BE70A4B399D04B6A36D8F711729F10823FF851F72F1EA78CC028B4C
                                                                                APIs
                                                                                • OleInitialize.OLE32(00000000), ref: 004051A9
                                                                                  • Part of subcall function 0040408B: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 0040409D
                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 004051F5
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                • String ID:
                                                                                • API String ID: 2896919175-0
                                                                                • Opcode ID: a528ede16d8ece0c59ab40356331991896dac7d538e320d0ffb06345b870f253
                                                                                • Instruction ID: d3bc7387fd57afad1243513bcccd471715f644c2d298f0249ad8164e4477d673
                                                                                • Opcode Fuzzy Hash: a528ede16d8ece0c59ab40356331991896dac7d538e320d0ffb06345b870f253
                                                                                • Instruction Fuzzy Hash: 43F0F073800B00ABE6005750DE00B1777A0DB82316F09443FFE84772E2CBB588018A6D
                                                                                APIs
                                                                                • ShowWindow.USER32(00000000,00000000), ref: 00401E49
                                                                                • EnableWindow.USER32(00000000,00000000), ref: 00401E54
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Window$EnableShow
                                                                                • String ID:
                                                                                • API String ID: 1136574915-0
                                                                                • Opcode ID: 08e1dd53f9dcbc9cf0071cf2efe72e77efb5ce36218b7302fcb677c7ad8d5d63
                                                                                • Instruction ID: 3bb07fcd417830823528c6a07ea034e2eb3a780eb411924ff220aca0ca1a0825
                                                                                • Opcode Fuzzy Hash: 08e1dd53f9dcbc9cf0071cf2efe72e77efb5ce36218b7302fcb677c7ad8d5d63
                                                                                • Instruction Fuzzy Hash: 85E0ED72B04212AFDB14ABA5AA495AEB6A4DF40329B10443BE411B11D1DA7849419F5D
                                                                                APIs
                                                                                • GetModuleHandleA.KERNEL32(?,?,?,0040327F,0000000A), ref: 0040634A
                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406365
                                                                                  • Part of subcall function 004062CA: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004062E1
                                                                                  • Part of subcall function 004062CA: wsprintfA.USER32 ref: 0040631A
                                                                                  • Part of subcall function 004062CA: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040632E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                • String ID:
                                                                                • API String ID: 2547128583-0
                                                                                • Opcode ID: 30985bc18176bda4dfc46ca2d396654736e9499ca8d22b71f2c1527f66d3312f
                                                                                • Instruction ID: b6ec051a43833f1e75efb6c097fb1b7945085d0745a1c08503facd7b36b6f755
                                                                                • Opcode Fuzzy Hash: 30985bc18176bda4dfc46ca2d396654736e9499ca8d22b71f2c1527f66d3312f
                                                                                • Instruction Fuzzy Hash: 88E08C32604210ABD2106A709E0493B63A9AF88710306483EFA46F2240DB389C3696AD
                                                                                APIs
                                                                                • FreeLibrary.KERNELBASE(?,74DF3410,00000000,00485000,00403711,0040352B,?,?,00000006,00000008,0000000A), ref: 00403753
                                                                                • GlobalFree.KERNEL32(?), ref: 0040375A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Free$GlobalLibrary
                                                                                • String ID:
                                                                                • API String ID: 1100898210-0
                                                                                • Opcode ID: 7e46f2bbc1df1a916a08afdb92386b58c2c0976bbab61f5249e3d24e3d7a9f09
                                                                                • Instruction ID: 6ba71519c43bf55b4b9167d4a70dfa8993af453660be5c9224fc6eec323f1fd3
                                                                                • Opcode Fuzzy Hash: 7e46f2bbc1df1a916a08afdb92386b58c2c0976bbab61f5249e3d24e3d7a9f09
                                                                                • Instruction Fuzzy Hash: FDE0127350212097C6216F59EE4875E7B786F85F22F05507AEA407B2608774AC428BD8
                                                                                APIs
                                                                                • GetFileAttributesA.KERNELBASE(00000003,00402DA3,00489000,80000000,00000003), ref: 00405B3D
                                                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B5F
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: File$AttributesCreate
                                                                                • String ID:
                                                                                • API String ID: 415043291-0
                                                                                • Opcode ID: 80243517f436f95d2d00e5b5224d95f101b34955670c918b0becce4e09b30ec3
                                                                                • Instruction ID: 6905ba7dec075751c4c8bdaf1e97cd52a4ed4154a0977e2bcfee25d1bc4df630
                                                                                • Opcode Fuzzy Hash: 80243517f436f95d2d00e5b5224d95f101b34955670c918b0becce4e09b30ec3
                                                                                • Instruction Fuzzy Hash: F5D09E31254201EFEF098F20DE16F2EBBA2EB94B00F11952CB682944E1DA715819AB19
                                                                                APIs
                                                                                • GetFileAttributesA.KERNELBASE(?,?,0040572C,?,?,00000000,0040590F,?,?,?,?), ref: 00405B19
                                                                                • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405B2D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: AttributesFile
                                                                                • String ID:
                                                                                • API String ID: 3188754299-0
                                                                                • Opcode ID: d21186c4df97c8b90cedd4d9d2ae0fe59d501b3437fd2b8c2b63dc03c6f7d79a
                                                                                • Instruction ID: a6801623bae5b64e590af13d118403295127a001a29879099f28d41f07625d68
                                                                                • Opcode Fuzzy Hash: d21186c4df97c8b90cedd4d9d2ae0fe59d501b3437fd2b8c2b63dc03c6f7d79a
                                                                                • Instruction Fuzzy Hash: A4D0C972504121ABC2102728AE0889BBB65DB54271702CA36F8A9A26B1DB304C569A98
                                                                                APIs
                                                                                • CloseHandle.KERNEL32(FFFFFFFF,0040352B,?,?,00000006,00000008,0000000A), ref: 004036FF
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\, xrefs: 00403713
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CloseHandle
                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\
                                                                                • API String ID: 2962429428-2430884613
                                                                                • Opcode ID: e2fce6cb7e4bd878bb855d9d4782e23046200841727912eee4ccc09af04f40ce
                                                                                • Instruction ID: 8a34961e980c079ac6948eddad59adcae2d4cd7e0cdc6fd5433603b066ad1ffd
                                                                                • Opcode Fuzzy Hash: e2fce6cb7e4bd878bb855d9d4782e23046200841727912eee4ccc09af04f40ce
                                                                                • Instruction Fuzzy Hash: 36C012B050470096C5607F749E8F6093E556B41735B744735F0B8B60F1C77C8659955E
                                                                                APIs
                                                                                • CreateDirectoryA.KERNELBASE(?,00000000,004031FF,00485000,00485000,00485000,00485000,00485000,0040341E,?,00000006,00000008,0000000A), ref: 00405610
                                                                                • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040561E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CreateDirectoryErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1375471231-0
                                                                                • Opcode ID: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
                                                                                • Instruction ID: e893664a09cf2e9e2c2936498d7e4fae4244a4ac8c06b28443c2d62416ddc455
                                                                                • Opcode Fuzzy Hash: f012ed4f2e447eb03a7c1a9074efbf4aa4d4dcf66ab1e3e2b7403bfb804529af
                                                                                • Instruction Fuzzy Hash: 1AC08C302109029BDA001B309E08B173A95AB90381F118839604AE40B0CE32C405CD2E
                                                                                APIs
                                                                                • RegCreateKeyExA.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402B7C,00000000,?,?), ref: 00405E7D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Create
                                                                                • String ID:
                                                                                • API String ID: 2289755597-0
                                                                                • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                • Instruction ID: 7acc68ffa7400c9eee32ba1e20ae5f36fa8f71d611e671e2c7f17c05e0102792
                                                                                • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                • Instruction Fuzzy Hash: F0E0E67201050DBFEF095F50DD0AD7B371DEB44744F00492EFA45D4090E6B5A9619A74
                                                                                APIs
                                                                                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403177,00000000,0041E028,000000FF,0041E028,000000FF,000000FF,00000004,00000000), ref: 00405BF4
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: FileWrite
                                                                                • String ID:
                                                                                • API String ID: 3934441357-0
                                                                                • Opcode ID: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                • Instruction ID: a276b01dc183147df0450da273931698a90403b1c9d2199bac4a8b1ac439e1da
                                                                                • Opcode Fuzzy Hash: d47d29d2c4ad98e9097244963089aa7711ad8f9da7a01510603535aa68a2578c
                                                                                • Instruction Fuzzy Hash: B9E0EC3221476AABEF509E559C04AEB7B6CFB05360F008436FD55E2150D631E9219BA8
                                                                                APIs
                                                                                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004031C1,00000000,00000000,00402FEB,000000FF,00000004,00000000,00000000,00000000), ref: 00405BC5
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: FileRead
                                                                                • String ID:
                                                                                • API String ID: 2738559852-0
                                                                                • Opcode ID: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                                                • Instruction ID: b16ae19e339659dac821aa5fa8ec0f56b65f92cb21281493c05533f45e405579
                                                                                • Opcode Fuzzy Hash: c828ac78080eafadef002e80ceae40fa9d69551b6ff84e56452d6cc727993955
                                                                                • Instruction Fuzzy Hash: 14E0EC3221065ABBDF109F559C00AEB7B6CFB05361F118836F915E3150E631F8219BB4
                                                                                APIs
                                                                                • RegOpenKeyExA.KERNELBASE(00000000,?,00000000,?,?,?,?,?,00405EB4,?,?,?,?,00000002,Remove folder: ), ref: 00405E4A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Open
                                                                                • String ID:
                                                                                • API String ID: 71445658-0
                                                                                • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                • Instruction ID: 00f586757f971d8fddb6ba1a4fa1948c276a5597575d42b2c7248084dade2010
                                                                                • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                • Instruction Fuzzy Hash: 36D0EC3200020DBADF115F90ED05FAB371EEB04710F004426BA55A5090D6759520AA58
                                                                                APIs
                                                                                • SetDlgItemTextA.USER32(?,?,00000000), ref: 00404059
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: ItemText
                                                                                • String ID:
                                                                                • API String ID: 3367045223-0
                                                                                • Opcode ID: a0a78e1bf6a6b29a50df979bec23ba929f6ba3d1fc8fcf0d14566fab2b8853c2
                                                                                • Instruction ID: bf62610f610bba90556bdcd31abde1078def355814f7361e89583e93c2f26f86
                                                                                • Opcode Fuzzy Hash: a0a78e1bf6a6b29a50df979bec23ba929f6ba3d1fc8fcf0d14566fab2b8853c2
                                                                                • Instruction Fuzzy Hash: C2C04C79148700BFD641A755CD42F1FB7EDEF94315F40C92EB19CA11D1C63988209A26
                                                                                APIs
                                                                                • SendMessageA.USER32(?,00000000,00000000,00000000), ref: 0040409D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                • Opcode ID: fcb410e73ff28c7c721615f2d1b76ecbcc08593dfa481273694f1ab80d680dea
                                                                                • Instruction ID: dc0fe9f2873b1b31caed9ffec69b67f1cbb85c05ef5e40ff43161b5d97c3bfec
                                                                                • Opcode Fuzzy Hash: fcb410e73ff28c7c721615f2d1b76ecbcc08593dfa481273694f1ab80d680dea
                                                                                • Instruction Fuzzy Hash: B2C04C756407006AEA218B51DD49F0677946750B40F1484397750F60D4C674E410DA1C
                                                                                APIs
                                                                                • SendMessageA.USER32(00000028,?,00000001,00403EA4), ref: 00404082
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend
                                                                                • String ID:
                                                                                • API String ID: 3850602802-0
                                                                                • Opcode ID: 90995640d780f78d936646df3698c534cf74dc81456e4980755a566d6583aa34
                                                                                • Instruction ID: b93e40128d6e1c948692e866e7dcbda031b9d08d342489ec85e58d85114fe036
                                                                                • Opcode Fuzzy Hash: 90995640d780f78d936646df3698c534cf74dc81456e4980755a566d6583aa34
                                                                                • Instruction Fuzzy Hash: F5B09235180A00AAEA114B00DF09F457A62A765702F008029B240290B2CAB240A1DB18
                                                                                APIs
                                                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402F2A,?), ref: 004031D2
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: FilePointer
                                                                                • String ID:
                                                                                • API String ID: 973152223-0
                                                                                • Opcode ID: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
                                                                                • Instruction ID: 1f5c7ae16c2334422adcad36111bde95194575cbdac9b1f52e29a9f6e91cc98e
                                                                                • Opcode Fuzzy Hash: 9851be0de28bb9513f6e500a0df6ea838ed72b99fd7baa621d8f85bec57c8f40
                                                                                • Instruction Fuzzy Hash: 34B01271240300BFDA214F00DF09F057B21ABA0700F10C034B388380F086711035EB0D
                                                                                APIs
                                                                                • KiUserCallbackDispatcher.NTDLL(?,00403E3D), ref: 0040406B
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CallbackDispatcherUser
                                                                                • String ID:
                                                                                • API String ID: 2492992576-0
                                                                                • Opcode ID: 159f684cd445e5a2b3f46bb25231c0e6912f9c15cd91e73ad93280acd2a5eeec
                                                                                • Instruction ID: c5b275790591b6ea279e9aaaff24a81262f30180438a09f86821f4bd36946bfb
                                                                                • Opcode Fuzzy Hash: 159f684cd445e5a2b3f46bb25231c0e6912f9c15cd91e73ad93280acd2a5eeec
                                                                                • Instruction Fuzzy Hash: 75A00176404141EBDB069F90EF48D4ABF72EBA4B05B129439A295A40368A324871FF2D
                                                                                APIs
                                                                                • GetDlgItem.USER32(?,000003F9), ref: 00404A5C
                                                                                • GetDlgItem.USER32(?,00000408), ref: 00404A67
                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404AB1
                                                                                • LoadBitmapA.USER32(0000006E), ref: 00404AC4
                                                                                • SetWindowLongA.USER32(?,000000FC,0040503B), ref: 00404ADD
                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404AF1
                                                                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404B03
                                                                                • SendMessageA.USER32(?,00001109,00000002), ref: 00404B19
                                                                                • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404B25
                                                                                • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404B37
                                                                                • DeleteObject.GDI32(00000000), ref: 00404B3A
                                                                                • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404B65
                                                                                • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404B71
                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404C06
                                                                                • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404C31
                                                                                • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404C45
                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 00404C74
                                                                                • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404C82
                                                                                • ShowWindow.USER32(?,00000005), ref: 00404C93
                                                                                • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404D90
                                                                                • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404DF5
                                                                                • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404E0A
                                                                                • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404E2E
                                                                                • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404E4E
                                                                                • ImageList_Destroy.COMCTL32(?), ref: 00404E63
                                                                                • GlobalFree.KERNEL32(?), ref: 00404E73
                                                                                • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404EEC
                                                                                • SendMessageA.USER32(?,00001102,?,?), ref: 00404F95
                                                                                • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404FA4
                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 00404FC4
                                                                                • ShowWindow.USER32(?,00000000), ref: 00405012
                                                                                • GetDlgItem.USER32(?,000003FE), ref: 0040501D
                                                                                • ShowWindow.USER32(00000000), ref: 00405024
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 00000000.00000002.1981272702.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981342357.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.000000000040C000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000414000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000438000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000444000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000446000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000448000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000457000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000487000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000493000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1981380582.0000000000495000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.1982128295.00000000004E5000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                • String ID: $M$N
                                                                                • API String ID: 1638840714-813528018
                                                                                APIs
                                                                                • GetDlgItem.USER32(?,000003FB), ref: 00404520
                                                                                • SetWindowTextA.USER32(00000000,?), ref: 0040454A
                                                                                • SHBrowseForFolderA.SHELL32(?,00436048,?), ref: 004045FB
                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00404606
                                                                                • lstrcmpiA.KERNEL32(Remove folder: ,0043C070), ref: 00404638
                                                                                • lstrcatA.KERNEL32(?,Remove folder: ), ref: 00404644
                                                                                • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404656
                                                                                  • Part of subcall function 004056A0: GetDlgItemTextA.USER32(?,?,00002000,0040468D), ref: 004056B3
                                                                                  • Part of subcall function 0040620A: CharNextA.USER32(?,*?|<>/":,00000000,0047B000,74DF3410,00485000,00000000,004031E7,00485000,00485000,0040341E,?,00000006,00000008,0000000A), ref: 00406262
                                                                                  • Part of subcall function 0040620A: CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040626F
                                                                                  • Part of subcall function 0040620A: CharNextA.USER32(?,0047B000,74DF3410,00485000,00000000,004031E7,00485000,00485000,0040341E,?,00000006,00000008,0000000A), ref: 00406274
                                                                                  • Part of subcall function 0040620A: CharPrevA.USER32(?,?,74DF3410,00485000,00000000,004031E7,00485000,00485000,0040341E,?,00000006,00000008,0000000A), ref: 00406284
                                                                                • GetDiskFreeSpaceA.KERNEL32(00434040,?,?,0000040F,?,00434040,00434040,?,00000001,00434040,?,?,000003FB,?), ref: 00404714
                                                                                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040472F
                                                                                  • Part of subcall function 00404888: lstrlenA.KERNEL32(0043C070,0043C070,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004047A3,000000DF,00000000,00000400,?), ref: 00404926
                                                                                  • Part of subcall function 00404888: wsprintfA.USER32 ref: 0040492E
                                                                                  • Part of subcall function 00404888: SetDlgItemTextA.USER32(?,0043C070), ref: 00404941
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                • String ID: @@C$A$Remove folder:
                                                                                • API String ID: 2624150263-2183615021
                                                                                APIs
                                                                                • CoCreateInstance.OLE32(0040851C,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402153
                                                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00002000,?,00000001,0040850C,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402202
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                • String ID:
                                                                                • API String ID: 123533781-0
                                                                                APIs
                                                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040270D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: FileFindFirst
                                                                                • String ID:
                                                                                • API String ID: 1974802433-0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 1b132db68e09e38111b46a630986fe986278179b426aaa6f424b6530bbbb36a0
                                                                                • Instruction ID: ff0fd36e996cd89d8e6760587b242a798bd2a834485e3e6d32977043394459b2
                                                                                • Opcode Fuzzy Hash: 1b132db68e09e38111b46a630986fe986278179b426aaa6f424b6530bbbb36a0
                                                                                • Instruction Fuzzy Hash: 76C15931E042599BCF14CF68D4905EEB7B2FF89314F25826AD8567B380D738A942CF95
                                                                                APIs
                                                                                • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00404235
                                                                                • GetDlgItem.USER32(00000000,000003E8), ref: 00404249
                                                                                • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404267
                                                                                • GetSysColor.USER32(?), ref: 00404278
                                                                                • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404287
                                                                                • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404296
                                                                                • lstrlenA.KERNEL32(?), ref: 00404299
                                                                                • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004042A8
                                                                                • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004042BD
                                                                                • GetDlgItem.USER32(?,0000040A), ref: 0040431F
                                                                                • SendMessageA.USER32(00000000), ref: 00404322
                                                                                • GetDlgItem.USER32(?,000003E8), ref: 0040434D
                                                                                • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040438D
                                                                                • LoadCursorA.USER32(00000000,00007F02), ref: 0040439C
                                                                                • SetCursor.USER32(00000000), ref: 004043A5
                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 004043BB
                                                                                • SetCursor.USER32(00000000), ref: 004043BE
                                                                                • SendMessageA.USER32(00000111,00000001,00000000), ref: 004043EA
                                                                                • SendMessageA.USER32(00000010,00000000,00000000), ref: 004043FE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                • String ID: N$Remove folder: $uA@
                                                                                • API String ID: 3103080414-4189957094
                                                                                • Opcode ID: d4eefe654d22cd8461d298cd50b25cc69fd42f6e548781b2386fab9e0069321a
                                                                                • Instruction ID: 189a73e33a32ab5629d9b6d5aa7b8342c7ad0906f2d845131673515c77320290
                                                                                • Opcode Fuzzy Hash: d4eefe654d22cd8461d298cd50b25cc69fd42f6e548781b2386fab9e0069321a
                                                                                • Instruction Fuzzy Hash: 3D61A3B1A40209BFEB109F61CD45F6A7B69EB84705F10803AFB05BA1D1C7B8A951CF68
                                                                                APIs
                                                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                                                • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                • DrawTextA.USER32(00000000,0044E400,000000FF,00000010,00000820), ref: 00401156
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                • DeleteObject.GDI32(?), ref: 00401165
                                                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                • String ID: F
                                                                                • API String ID: 941294808-1304234792
                                                                                • Opcode ID: 9a87abe2a4d34ea04cac22e8b23e016ca7fa537fe8c057691b6d5ac7f024c321
                                                                                • Instruction ID: 0f017803aeec3de1db0009a5ab91645596a598df957f8b8ef67319ce70b6f2d5
                                                                                • Opcode Fuzzy Hash: 9a87abe2a4d34ea04cac22e8b23e016ca7fa537fe8c057691b6d5ac7f024c321
                                                                                • Instruction Fuzzy Hash: 74418C71800209AFCF058F95CE459AFBBB9FF45315F00842EF5A1AA1A0C774D955DFA4
                                                                                APIs
                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00000000,00405DA0,?,?), ref: 00405C40
                                                                                • GetShortPathNameA.KERNEL32(?,00448600,00000400), ref: 00405C49
                                                                                  • Part of subcall function 00405A9E: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF9,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AAE
                                                                                  • Part of subcall function 00405A9E: lstrlenA.KERNEL32(00000000,?,00000000,00405CF9,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AE0
                                                                                • GetShortPathNameA.KERNEL32(?,00448A00,00000400), ref: 00405C66
                                                                                • wsprintfA.USER32 ref: 00405C84
                                                                                • GetFileSize.KERNEL32(00000000,00000000,00448A00,C0000000,00000004,00448A00,?,?,?,?,?), ref: 00405CBF
                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405CCE
                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D06
                                                                                • SetFilePointer.KERNEL32(0040A3B8,00000000,00000000,00000000,00000000,00448200,00000000,-0000000A,0040A3B8,00000000,[Rename],00000000,00000000,00000000), ref: 00405D5C
                                                                                • GlobalFree.KERNEL32(00000000), ref: 00405D6D
                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405D74
                                                                                  • Part of subcall function 00405B39: GetFileAttributesA.KERNELBASE(00000003,00402DA3,00489000,80000000,00000003), ref: 00405B3D
                                                                                  • Part of subcall function 00405B39: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405B5F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                • String ID: %s=%s$[Rename]
                                                                                • API String ID: 2171350718-1727408572
                                                                                • Opcode ID: f91431428f4f9cf126320bd5d83c4c3157d753f908e71048d70342efb9ce6d80
                                                                                • Instruction ID: e673f0d6058c791d0c25712d379d652ad09bbbe08baf3ed575ce0f5f839497a3
                                                                                • Opcode Fuzzy Hash: f91431428f4f9cf126320bd5d83c4c3157d753f908e71048d70342efb9ce6d80
                                                                                • Instruction Fuzzy Hash: 1C31D331200F15ABD2207B659D49F6B3A5CDF46754F14453FBA01B62D2EABCA8018E6D
                                                                                APIs
                                                                                • lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0,?,?,?,?,?,?,?,?,?,004030F7,00000000,?), ref: 00405100
                                                                                • lstrlenA.KERNEL32(004030F7,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0,?,?,?,?,?,?,?,?,?,004030F7,00000000), ref: 00405110
                                                                                • lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,004030F7,004030F7,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,00000000,00422028,74DF23A0), ref: 00405123
                                                                                • SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\), ref: 00405135
                                                                                • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 0040515B
                                                                                • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00405175
                                                                                • SendMessageA.USER32(?,00001013,?,00000000), ref: 00405183
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\
                                                                                • API String ID: 2531174081-830236837
                                                                                • Opcode ID: d21e6d514fbfc4abde305c1ef67b874bd8ab4c643857dcd361e5a81f6eb4b346
                                                                                • Instruction ID: 5f823985bcc8b2cdd8f6641b2ca88111799b2924c5ea7b151e34c18a46508a3e
                                                                                • Opcode Fuzzy Hash: d21e6d514fbfc4abde305c1ef67b874bd8ab4c643857dcd361e5a81f6eb4b346
                                                                                • Instruction Fuzzy Hash: A5216071D00618BADB119FA5DD84ADFBFB9EB09354F14807AF944B6291C7398E408F68
                                                                                APIs
                                                                                • GetWindowLongA.USER32(?,000000EB), ref: 004040C3
                                                                                • GetSysColor.USER32(00000000), ref: 00404101
                                                                                • SetTextColor.GDI32(?,00000000), ref: 0040410D
                                                                                • SetBkMode.GDI32(?,?), ref: 00404119
                                                                                • GetSysColor.USER32(?), ref: 0040412C
                                                                                • SetBkColor.GDI32(?,?), ref: 0040413C
                                                                                • DeleteObject.GDI32(?), ref: 00404156
                                                                                • CreateBrushIndirect.GDI32(?), ref: 00404160
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                • String ID:
                                                                                • API String ID: 2320649405-0
                                                                                • Opcode ID: 49e3bf83d30a7d96e63afb16dabbed360c02e673e0f4069f8acd1b63125549d3
                                                                                • Instruction ID: acf379a668eb7ba76ca74fd388386b38bd03efbb8d8a5887114ae3c25b447e5f
                                                                                • Opcode Fuzzy Hash: 49e3bf83d30a7d96e63afb16dabbed360c02e673e0f4069f8acd1b63125549d3
                                                                                • Instruction Fuzzy Hash: 122174715007049BCB309F78DD4CB5BBBF8AF91710B048A3EEA96A66E0D734D984CB54
                                                                                APIs
                                                                                • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 004049AD
                                                                                • GetMessagePos.USER32 ref: 004049B5
                                                                                • ScreenToClient.USER32(?,?), ref: 004049CF
                                                                                • SendMessageA.USER32(?,00001111,00000000,?), ref: 004049E1
                                                                                • SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404A07
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Message$Send$ClientScreen
                                                                                • String ID: f
                                                                                • API String ID: 41195575-1993550816
                                                                                • Opcode ID: 33c806690141bddee9d4868c528a06b643bfd418e36cfd9cd505f5ef0f9636f7
                                                                                • Instruction ID: 01adb620d992fda54c9cccfda8f446508f93e77e16c9618e278126a6ed05cf06
                                                                                • Opcode Fuzzy Hash: 33c806690141bddee9d4868c528a06b643bfd418e36cfd9cd505f5ef0f9636f7
                                                                                • Instruction Fuzzy Hash: 14015E75900219BAEB00DBA4DD85BFFBBBCAF55711F10412BBA50F61C0C7B499418BA4
                                                                                APIs
                                                                                • GetDC.USER32(?), ref: 00401D9E
                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DB8
                                                                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401DC0
                                                                                • ReleaseDC.USER32(?,00000000), ref: 00401DD1
                                                                                • CreateFontIndirectA.GDI32(00414418), ref: 00401E20
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                • String ID: MS Shell Dlg
                                                                                • API String ID: 3808545654-76309092
                                                                                • Opcode ID: f592c05a4aa41413d76682ba287349174b279d32fcdcd62327a061fd3fecde38
                                                                                • Instruction ID: 8eb8a613e517b0ada4c927cb5962fe8d64921dcd133049690b029bc7932b5da1
                                                                                • Opcode Fuzzy Hash: f592c05a4aa41413d76682ba287349174b279d32fcdcd62327a061fd3fecde38
                                                                                • Instruction Fuzzy Hash: 1B017571944240AFE7005BB4BE59BDA3FB49B99705F10843AF141B61E2CA7904458F2D
                                                                                APIs
                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402C97
                                                                                • MulDiv.KERNEL32(04C85BD4,00000064,04C85BD8), ref: 00402CC2
                                                                                • wsprintfA.USER32 ref: 00402CD2
                                                                                • SetWindowTextA.USER32(?,?), ref: 00402CE2
                                                                                • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402CF4
                                                                                Strings
                                                                                • verifying installer: %d%%, xrefs: 00402CCC
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                • String ID: verifying installer: %d%%
                                                                                • API String ID: 1451636040-82062127
                                                                                • Opcode ID: d562dd5390d3a0e7d9675bc1a4fc8cfd357df08b0b8af2f41c950853e011aaf8
                                                                                • Instruction ID: 3314197b3f9f5dc33a1332829412108c9be2eec106a00c297f207c8eb8ab8f63
                                                                                • Opcode Fuzzy Hash: d562dd5390d3a0e7d9675bc1a4fc8cfd357df08b0b8af2f41c950853e011aaf8
                                                                                • Instruction Fuzzy Hash: AD014F70640208FBEF249F61DD09EEE37A9AB04304F008039FA06B52D0DBB999558F59
                                                                                APIs
                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402790
                                                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 004027AC
                                                                                • GlobalFree.KERNEL32(?), ref: 004027EB
                                                                                • GlobalFree.KERNEL32(00000000), ref: 004027FE
                                                                                • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402816
                                                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040282A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                • String ID:
                                                                                • API String ID: 2667972263-0
                                                                                • Opcode ID: adc14c698ea9f6e2abac3a03bd9f9e1104f5e15cfd0a5a3d471f2bb4dcc3505b
                                                                                • Instruction ID: 8a438bf96df610f2c0569d5b63dfc02eada2097e819d04fb11786cc16195dd52
                                                                                • Opcode Fuzzy Hash: adc14c698ea9f6e2abac3a03bd9f9e1104f5e15cfd0a5a3d471f2bb4dcc3505b
                                                                                • Instruction Fuzzy Hash: 37219F71800124BBDF217FA5CE49E9E7B79AF09364F14423AF510762E1CB7959009FA8
                                                                                APIs
                                                                                • CharNextA.USER32(?,*?|<>/":,00000000,0047B000,74DF3410,00485000,00000000,004031E7,00485000,00485000,0040341E,?,00000006,00000008,0000000A), ref: 00406262
                                                                                • CharNextA.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040626F
                                                                                • CharNextA.USER32(?,0047B000,74DF3410,00485000,00000000,004031E7,00485000,00485000,0040341E,?,00000006,00000008,0000000A), ref: 00406274
                                                                                • CharPrevA.USER32(?,?,74DF3410,00485000,00000000,004031E7,00485000,00485000,0040341E,?,00000006,00000008,0000000A), ref: 00406284
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Char$Next$Prev
                                                                                • String ID: *?|<>/":
                                                                                • API String ID: 589700163-165019052
                                                                                • Opcode ID: baaf8be525beb263cd2d66daa4244c7e43047c81ac15102dd5c23876bc89bcef
                                                                                • Instruction ID: 9cd3e807bb29f508aa56cad56700fba7970b0901ce3b2fdefae83793710aaee6
                                                                                • Opcode Fuzzy Hash: baaf8be525beb263cd2d66daa4244c7e43047c81ac15102dd5c23876bc89bcef
                                                                                • Instruction Fuzzy Hash: 1411E26180479129EB327A385C40BB76FD84F57764F1A04FFE8C6722C2C67C5C6292AE
                                                                                APIs
                                                                                • GetDlgItem.USER32(?), ref: 00401D45
                                                                                • GetClientRect.USER32(00000000,?), ref: 00401D52
                                                                                • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D73
                                                                                • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D81
                                                                                • DeleteObject.GDI32(00000000), ref: 00401D90
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                • String ID:
                                                                                • API String ID: 1849352358-0
                                                                                • Opcode ID: a964d8526154f294e612e7d9ff9cc29c2813b3260cc8b6307f377bf4ad37abae
                                                                                • Instruction ID: 282c70e257672687937977203f7442070c9d6a131f668edff497fc8f2aae4d78
                                                                                • Opcode Fuzzy Hash: a964d8526154f294e612e7d9ff9cc29c2813b3260cc8b6307f377bf4ad37abae
                                                                                • Instruction Fuzzy Hash: 6DF0ECB2600515BFDB00ABA4DE89DAFB7BCEB44305B04446AF641F2191CA748D018B38
                                                                                APIs
                                                                                • lstrlenA.KERNEL32(0043C070,0043C070,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004047A3,000000DF,00000000,00000400,?), ref: 00404926
                                                                                • wsprintfA.USER32 ref: 0040492E
                                                                                • SetDlgItemTextA.USER32(?,0043C070), ref: 00404941
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: ItemTextlstrlenwsprintf
                                                                                • String ID: %u.%u%s%s
                                                                                • API String ID: 3540041739-3551169577
                                                                                • Opcode ID: 804bf471802499da587795cb7ce61e75a366ce640a852ab7eb01692b6b25406e
                                                                                • Instruction ID: 430113f872b093d5cb5bf88e97724e3c6f0970b02c9770434da8b0d71da58b6f
                                                                                • Opcode Fuzzy Hash: 804bf471802499da587795cb7ce61e75a366ce640a852ab7eb01692b6b25406e
                                                                                • Instruction Fuzzy Hash: 5A110A776042282BEB00666D9C41EAF3698DB86374F254637FA65F31D1E978CC1242E8
                                                                                APIs
                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402C32
                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C3B
                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402C5C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Close$Enum
                                                                                • String ID:
                                                                                • API String ID: 464197530-0
                                                                                • Opcode ID: 36a723ba0b9fe6841f0d996bf234943a63eacbada2c77057d577eaa1ff2cf2a2
                                                                                • Instruction ID: bf26dd322600c86e705ae03821e5e95be148f4b98a6ddde11b8b46473537de7c
                                                                                • Opcode Fuzzy Hash: 36a723ba0b9fe6841f0d996bf234943a63eacbada2c77057d577eaa1ff2cf2a2
                                                                                • Instruction Fuzzy Hash: 0E115832504109FBEF129F90CF09F9E7B69AB08380F104076BD45B51E0EBB59E11AAA8
                                                                                APIs
                                                                                • CharNextA.USER32(?,?,C:\,?,00405A3D,C:\,C:\,74DF3410,?,00485000,00405788,?,74DF3410,00485000,00000000), ref: 004059DF
                                                                                • CharNextA.USER32(00000000), ref: 004059E4
                                                                                • CharNextA.USER32(00000000), ref: 004059F8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CharNext
                                                                                • String ID: C:\
                                                                                • API String ID: 3213498283-3404278061
                                                                                • Opcode ID: 6ae5a98c75981dc822015e60cfe3a73e92d8e62117e7577616a1c134a98ac786
                                                                                • Instruction ID: bee55f49184efbd237be32f98b77ae0f226092122a380d38f2b678f3dbc68710
                                                                                • Opcode Fuzzy Hash: 6ae5a98c75981dc822015e60cfe3a73e92d8e62117e7577616a1c134a98ac786
                                                                                • Instruction Fuzzy Hash: 26F0F6A1B18F546AFB3262681C94B7B5F8CCB95360F18427BDA40772C2C27C4C408FAA
                                                                                APIs
                                                                                • DestroyWindow.USER32(00000000,00000000,00402EDF,00000001), ref: 00402D12
                                                                                • GetTickCount.KERNEL32 ref: 00402D30
                                                                                • CreateDialogParamA.USER32(0000006F,00000000,00402C7C,00000000), ref: 00402D4D
                                                                                • ShowWindow.USER32(00000000,00000005), ref: 00402D5B
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                • String ID:
                                                                                • API String ID: 2102729457-0
                                                                                • Opcode ID: 947536967f4a43c584f650ab2a8ee216eadfbd9976cd6052f6af3916685ae4bc
                                                                                • Instruction ID: 2b7c5c63cbd29ff72544cae52a3e23fe45e5b8c23cd2423cebb75ca464e8a8de
                                                                                • Opcode Fuzzy Hash: 947536967f4a43c584f650ab2a8ee216eadfbd9976cd6052f6af3916685ae4bc
                                                                                • Instruction Fuzzy Hash: 1BF05E30A01720ABC6216F60FE4CA9B7A64AB09B16711047AF548B11E5CB78489A8B9D
                                                                                APIs
                                                                                • IsWindowVisible.USER32(?), ref: 0040506A
                                                                                • CallWindowProcA.USER32(?,?,?,?), ref: 004050BB
                                                                                  • Part of subcall function 0040408B: SendMessageA.USER32(?,00000000,00000000,00000000), ref: 0040409D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: Window$CallMessageProcSendVisible
                                                                                • String ID:
                                                                                • API String ID: 3748168415-3916222277
                                                                                • Opcode ID: 05cf8713f746d9a4a406987c7a2bd7a615f31e4f64c05b68a76d054521028bb6
                                                                                • Instruction ID: 93015a436933028849a201d13bca6df21ec4f6fc61c1de1602f9096dd373d7f3
                                                                                • Opcode Fuzzy Hash: 05cf8713f746d9a4a406987c7a2bd7a615f31e4f64c05b68a76d054521028bb6
                                                                                • Instruction Fuzzy Hash: 90017C72200A48EFDF209F51DD80AAF3B65EB84750F14403BFA41B61D1D73A8C929FA9
                                                                                APIs
                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,00002000,Remove folder: ,?,?,?,?,00000002,Remove folder: ,?,004060CB,80000002), ref: 00405ECD
                                                                                • RegCloseKey.ADVAPI32(?,?,004060CB,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nsi71EB.tmp\), ref: 00405ED8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CloseQueryValue
                                                                                • String ID: Remove folder:
                                                                                • API String ID: 3356406503-1958208860
                                                                                • Opcode ID: a46a7b2256a3cf94146298450ac36a8ef4ab1670e4172636b82585cecf65f891
                                                                                • Instruction ID: 42c18038d83e96b8be8c57851daa943d9c6deca899c079ab392a8b0fbbc298b2
                                                                                • Opcode Fuzzy Hash: a46a7b2256a3cf94146298450ac36a8ef4ab1670e4172636b82585cecf65f891
                                                                                • Instruction Fuzzy Hash: 07015A72500609EBDF228F61CD09FDB3BA9EF55360F00402AF995A2191D778DA54DBA4
                                                                                APIs
                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00448078,Error launching installer), ref: 00405668
                                                                                • CloseHandle.KERNEL32(?), ref: 00405675
                                                                                Strings
                                                                                • Error launching installer, xrefs: 00405652
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: CloseCreateHandleProcess
                                                                                • String ID: Error launching installer
                                                                                • API String ID: 3712363035-66219284
                                                                                • Opcode ID: aaef83747aa1b203b2a57743586283d67b6f7f696a6a6629dc51cceb7310efa5
                                                                                • Instruction ID: dbacb55137c0e446f5e74d91210fb43b788ebff64a81b2029776477596ab8b01
                                                                                • Opcode Fuzzy Hash: aaef83747aa1b203b2a57743586283d67b6f7f696a6a6629dc51cceb7310efa5
                                                                                • Instruction Fuzzy Hash: DAE092B4610209BFEB109BA4EE09F7B7AADEB10604F514425B914E2190EA7598189A7C
                                                                                APIs
                                                                                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405CF9,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AAE
                                                                                • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405AC6
                                                                                • CharNextA.USER32(00000000,?,00000000,00405CF9,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AD7
                                                                                • lstrlenA.KERNEL32(00000000,?,00000000,00405CF9,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405AE0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.1981312703.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_400000_KyrazonSetup.jbxd
                                                                                Similarity
                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                • String ID:
                                                                                • API String ID: 190613189-0
                                                                                • Opcode ID: 63752835767028d7570d3bd2c367202728d3e51619cdcd0ff30af86384407b43
                                                                                • Instruction ID: 2b94cf21fc0d9439dbab8b822db930a3447ea2d2cb1db815078a5a090280caf9
                                                                                • Opcode Fuzzy Hash: 63752835767028d7570d3bd2c367202728d3e51619cdcd0ff30af86384407b43
                                                                                • Instruction Fuzzy Hash: 6DF0C231201918AFCB02DBA8CD4099FBBA8EF06350B2540B9E841F7211D674EE01AFA9

                                                                                Execution Graph

                                                                                Execution Coverage:6%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:0.8%
                                                                                Total number of Nodes:621
                                                                                Total number of Limit Nodes:23
4078a6 CloseHandle 3666->3669 3671 407725 3667->3671 3669->3667 3670 4078b2 GetLastError 3669->3670 3670->3667 3672 40777e 3671->3672 3674 407733 3671->3674 3672->3665 3673 407778 SetStdHandle 3673->3672 3674->3672 3674->3673 3720 402e3f 3721 402e4a 3720->3721 3727 4041aa 3720->3727 3723 402e58 3721->3723 3724 404d78 7 API calls 3721->3724 3725 404db1 7 API calls 3723->3725 3724->3723 3726 402e61 3725->3726 3728 4041bb 3 API calls 3727->3728 3729 4041b7 3728->3729 3729->3721

                                                                                Control-flow Graph

                                                                                [Control-flow graph 0, starting at block 401000-401115; nodes are marked Executed or Not Executed]
                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 0000000C.00000002.1986577484.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986637359.0000000000408000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986659879.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986680013.000000000040A000.00000008.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986706230.000000000040C000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986759404.000000000040F000.00000002.00000001.01000000.00000012.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: InitializeUninitialize
                                                                                • String ID: Arguments=%s$ArgumentsExpanded=%s$Calling CoInitialize()$Calling CoUninitialize()$Description=%s$Exiting with result code [%i]$HOTKEYF_ALT: [%i], HOTKEYF_CONTROL: [%i], HOTKEYF_EXT: [%i], HOTKEYF_SHIFT: [%i]$HRESULT_CODE(ResultCode): [%i]$HotKey=%i (%s)$IconLocation=%s,%i$IconLocationExpanded=%s,%i$RunStyle=%i$SelectedMode: [%i]$ShellLinkCreate() returned [%i]$ShellLinkQuery() returned [%i]$System error %i has occurred.$TargetPath=%s$TargetPathExpanded=%s$The command completed successfully.$The parameter "%s" is invalid.The syntax of the command is incorrect.$WorkingDirectory=%s$WorkingDirectoryExpanded=%s$[%s]$szIconLocation: [%s], iIconIndex: [%i]$wHotKey: [%i]$*undefined*$*undefined*$-help$/A:$/D:$/F:$/H:$/I:$/MegaDeth$/P:$/R:$/T:$/W:$/help$C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
                                                                                • API String ID: 3442037557-4155593404
                                                                                • Opcode ID: cd8161645067e630dad6a5539a586d8c68069ecbf6e443173d7559f8e8043637
                                                                                • Instruction ID: 4cec52f0b69b802efb3a464ec667cbab768a5943839b9d430e7b4baeac5de826
                                                                                • Opcode Fuzzy Hash: cd8161645067e630dad6a5539a586d8c68069ecbf6e443173d7559f8e8043637
                                                                                • Instruction Fuzzy Hash: 3A524571B4020047DB2896759D46A6B76C5AB84325F28073FFC1AB32D2EEFDDD04869D

                                                                                Control-flow Graph

                                                                                [Control-flow graph 238, starting at block 402160-402189 (CoCreateInstance); nodes are marked Executed or Not Executed]
                                                                                APIs
                                                                                • CoCreateInstance.OLE32(00408150,00000000,00000001,00408140,00000000,6E696665), ref: 0040217A
                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk,000000FF,?,00000104), ref: 0040237C
                                                                                Strings
                                                                                • IPersistFile::SaveCompleted() failed with [%i], xrefs: 004023E1
                                                                                • IShellLink::SetWorkingDirectory() failed with [%i], xrefs: 0040225C
                                                                                • C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe, xrefs: 004021D5
                                                                                • IShellLink::SetArguments() failed with [%i], xrefs: 00402226
                                                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk, xrefs: 00402373
                                                                                • IPersistFile::Save() failed with [%i], xrefs: 004023A7
                                                                                • IShellLink::SetPath() failed with [%i], xrefs: 004021F0
                                                                                • IShellLink::SetDescription() failed with [%i], xrefs: 00402350
                                                                                • IShellLink::QueryInterface() returned [%d], xrefs: 004021BC
                                                                                • IShellLink::SetHotkey() failed with [%i], xrefs: 00402316
                                                                                • CoCreateInstance() returned [%d], xrefs: 0040218C
                                                                                • IShellLink::SetIconLocation() failed with [%i], xrefs: 004022D9
                                                                                • IShellLink::SetShowCmd() failed with [%i], xrefs: 00402298
                                                                                Similarity
                                                                                • API ID: ByteCharCreateInstanceMultiWide
                                                                                • String ID: CoCreateInstance() returned [%d]$IPersistFile::Save() failed with [%i]$IPersistFile::SaveCompleted() failed with [%i]$IShellLink::QueryInterface() returned [%d]$IShellLink::SetArguments() failed with [%i]$IShellLink::SetDescription() failed with [%i]$IShellLink::SetHotkey() failed with [%i]$IShellLink::SetIconLocation() failed with [%i]$IShellLink::SetPath() failed with [%i]$IShellLink::SetShowCmd() failed with [%i]$IShellLink::SetWorkingDirectory() failed with [%i]$C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
                                                                                • API String ID: 123533781-1328962457
                                                                                • Opcode ID: 8a8901c6ce573155238bfe9ba605f3272a4ca4f40b13b7891484f1c13e31722e
                                                                                • Instruction ID: 446fe51c5131944fafe0983fb7adff54cf9e32d93924186f7a6edebb0ffc769c
                                                                                • Opcode Fuzzy Hash: 8a8901c6ce573155238bfe9ba605f3272a4ca4f40b13b7891484f1c13e31722e
                                                                                • Instruction Fuzzy Hash: DF71D271B40222ABC610DB59DD89E9B77D4AF44B50F140179FA08FB3D0EAB8DC409BE9

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 308 4041bb-4041c5 309 4041c7-4041d2 GetCurrentProcess TerminateProcess 308->309 310 4041d8-4041ee 308->310 309->310 311 4041f0-4041f7 310->311 312 40422c-404240 call 404254 310->312 313 4041f9-404205 311->313 314 40421b-40422b call 404254 311->314 323 404252-404253 312->323 324 404242-40424c ExitProcess 312->324 316 404207-40420b 313->316 317 40421a 313->317 314->312 320 40420d 316->320 321 40420f-404218 316->321 317->314 320->321 321->316 321->317
                                                                                APIs
                                                                                • GetCurrentProcess.KERNEL32(+.@,?,004041A6,00000000,00000000,00000000,00402E2B,00000000), ref: 004041CB
                                                                                • TerminateProcess.KERNEL32(00000000,?,004041A6,00000000,00000000,00000000,00402E2B,00000000), ref: 004041D2
                                                                                • ExitProcess.KERNEL32 ref: 0040424C
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Process$CurrentExitTerminate
                                                                                • String ID: +.@
                                                                                • API String ID: 1703294689-3061987503
                                                                                • Opcode ID: 2d429d929ea8a0b317f002e275b952974cda3d528bdaf8c8f98ac53763413882
                                                                                • Instruction ID: 5536314daef21801047468bbd332fe2a45d2b29d39cfc402778ff2b632d0f2f8
                                                                                • Opcode Fuzzy Hash: 2d429d929ea8a0b317f002e275b952974cda3d528bdaf8c8f98ac53763413882
                                                                                • Instruction Fuzzy Hash: 5D0184B2744201DAD6106B95FFC4A5A7BA5FBD4390B10407FF650721E0CB789888CA1D

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 575 404b4a-404b68 HeapCreate 576 404ba0-404ba2 575->576 577 404b6a-404b77 call 404a02 575->577 580 404b86-404b89 577->580 581 404b79-404b84 call 405f68 577->581 582 404ba3-404ba6 580->582 583 404b8b call 4067b9 580->583 587 404b90-404b92 581->587 583->587 587->582 588 404b94-404b9a HeapDestroy 587->588 588->576
                                                                                APIs
                                                                                • HeapCreate.KERNELBASE(00000000,00001000,00000000,00402DC9,00000000), ref: 00404B5B
                                                                                  • Part of subcall function 00404A02: GetVersionExA.KERNEL32 ref: 00404A21
                                                                                • HeapDestroy.KERNEL32 ref: 00404B9A
                                                                                  • Part of subcall function 00405F68: HeapAlloc.KERNEL32(00000000,00000140,00404B83,000003F8), ref: 00405F75
                                                                                Similarity
                                                                                • API ID: Heap$AllocCreateDestroyVersion
                                                                                • String ID:
                                                                                • API String ID: 2507506473-0
                                                                                • Opcode ID: 17fc14b2b0ee490da2abc08a22e18cba9d5a41ab53b1d009843be57efd4fbba3
                                                                                • Instruction ID: c37ba0b62e725718b283f0108c969a86dae0ba7a96d42cb4502cdc696fecd27d
                                                                                • Opcode Fuzzy Hash: 17fc14b2b0ee490da2abc08a22e18cba9d5a41ab53b1d009843be57efd4fbba3
                                                                                • Instruction Fuzzy Hash: 82F09BB0A4530159EF206B70AE4672A36E4DB80795F20043FF745F81D0EF7CD494950D

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                control_flow_graph 589 40508b-405098 590 40509a-4050a0 589->590 591 4050af-4050b2 589->591 592 4050e1-4050e3 590->592 594 4050a2-4050ab call 406304 590->594 591->592 593 4050b4-4050ba 591->593 597 4050e5-4050e7 592->597 598 4050e8-4050eb 592->598 595 4050c4-4050c6 593->595 596 4050bc-4050c2 593->596 594->592 603 4050ad-4050ae 594->603 600 4050c7-4050cd 595->600 596->600 597->598 601 4050ee-4050f7 RtlAllocateHeap 598->601 600->601 604 4050cf-4050dd call 406ab1 600->604 605 4050fd-4050fe 601->605 604->605 608 4050df 604->608 608->601
                                                                                APIs
                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,0040506F,000000E0,0040505C,?,0040483B,00000100), ref: 004050F7
                                                                                Similarity
                                                                                • API ID: AllocateHeap
                                                                                • String ID:
                                                                                • API String ID: 1279760036-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,00404ED5,?,Microsoft Visual C++ Runtime Library,00012010,?,004084A4,?,004084F4,?,?,?,Runtime Error!Program: ), ref: 00406DEF
                                                                                • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00406E07
                                                                                • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00406E18
                                                                                • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00406E25
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc$LibraryLoad
                                                                                • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                • API String ID: 2238633743-4044615076

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • CoCreateInstance.OLE32(00408150,00000000,00000001,00408140,?), ref: 0040250E
                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk,000000FF,?,00000105), ref: 00402581
                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000105), ref: 0040266C
                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000105), ref: 004026F0
                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000105), ref: 0040276B
                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000105), ref: 00402819
                                                                                Strings
                                                                                • IShellLink::GetPath() returned [%d], xrefs: 00402619
                                                                                • IPersistFile::Load() returned [%d], xrefs: 004025A7
                                                                                • IShellLink::Resolve() returned [%d], xrefs: 004025D7
                                                                                • C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe, xrefs: 00402652
                                                                                • IShellLink::QueryInterface() returned [%d], xrefs: 00402554
                                                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk, xrefs: 0040242D, 00402578
                                                                                • CoCreateInstance() returned [%d], xrefs: 00402520
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentExpandStrings$ByteCharCreateInstanceMultiWide
                                                                                • String ID: CoCreateInstance() returned [%d]$IPersistFile::Load() returned [%d]$IShellLink::GetPath() returned [%d]$IShellLink::QueryInterface() returned [%d]$IShellLink::Resolve() returned [%d]$C:\Users\user\AppData\Local\Programs\KyrazonGodot\KyrazonGodot.exe$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk
                                                                                • API String ID: 4107729762-4106024972

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • MapVirtualKeyA.USER32(00000011,00000000), ref: 00401FFD
                                                                                • GetKeyNameTextA.USER32(00000000), ref: 00402007
                                                                                • MapVirtualKeyA.USER32(00000010,00000000), ref: 00402054
                                                                                • GetKeyNameTextA.USER32(00000000), ref: 0040205E
                                                                                • MapVirtualKeyA.USER32(00000012,00000000), ref: 004020AB
                                                                                • GetKeyNameTextA.USER32(00000000), ref: 004020B5
                                                                                • MapVirtualKeyA.USER32(00000000,00000000), ref: 004020EC
                                                                                • GetKeyNameTextA.USER32(00000000,?,00000032), ref: 0040212C
                                                                                Strings
                                                                                • None, xrefs: 00402137
                                                                                • KeyCode: [%i], Modifiers: [%i], xrefs: 00401FD3, 0040210A
                                                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk, xrefs: 00401FA9
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: NameTextVirtual
                                                                                • String ID: KeyCode: [%i], Modifiers: [%i]$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk$None
                                                                                • API String ID: 3859213288-287706817

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00402DEF), ref: 00404713
                                                                                • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,00402DEF), ref: 00404727
                                                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00402DEF), ref: 00404753
                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00402DEF), ref: 0040478B
                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00402DEF), ref: 004047AD
                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,?,00402DEF), ref: 004047C6
                                                                                • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,00402DEF), ref: 004047D9
                                                                                • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00404817
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                • String ID: -@
                                                                                • API String ID: 1823725401-2999422947

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • LCMapStringW.KERNEL32(00000000,00000100,004081F4,00000001,00000000,00000000,00000103,00000001,?,?,00405CFC,00200020,00000000,?,?,00000000), ref: 00403ECF
                                                                                • LCMapStringA.KERNEL32(00000000,00000100,004081F0,00000001,00000000,00000000,?,00405CFC,00200020,00000000,?,?,00000000,00000001), ref: 00403EEB
                                                                                • LCMapStringA.KERNEL32(?,?,00000000,00200020,00405CFC,?,00000103,00000001,?,?,00405CFC,00200020,00000000,?,?,00000000), ref: 00403F34
                                                                                • MultiByteToWideChar.KERNEL32(?,00000002,00000000,00200020,00000000,00000000,00000103,00000001,?,?,00405CFC,00200020,00000000,?,?,00000000), ref: 00403F6C
                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00200020,?,00000000,?,00405CFC,00200020,00000000), ref: 00403FC4
                                                                                • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00405CFC,00200020,00000000), ref: 00403FDA
                                                                                • LCMapStringW.KERNEL32(?,?,00405CFC,00000000,00405CFC,?,?,00405CFC,00200020,00000000), ref: 0040400D
                                                                                • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,00405CFC,00200020,00000000), ref: 00404075
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: String$ByteCharMultiWide
                                                                                • String ID:
                                                                                • API String ID: 352835431-0

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 00404E1E
                                                                                • GetStdHandle.KERNEL32(000000F4,004084A4,00000000,?,00000000,00000000), ref: 00404EF4
                                                                                • WriteFile.KERNEL32(00000000), ref: 00404EFB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 0000000C.00000002.1986577484.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986637359.0000000000408000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986659879.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986680013.000000000040A000.00000008.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986706230.000000000040C000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986759404.000000000040F000.00000002.00000001.01000000.00000012.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: File$HandleModuleNameWrite
                                                                                • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:

                                                                                Control-flow Graph

                                                                                control_flow_graph 905 401c20-401c51 906 401c53-401c59 905->906 907 401c6b-401c93 FormatMessageA 905->907 906->907 908 401c5b-401c69 LoadLibraryExA 906->908 909 401c95-401cd1 call 4029c7 LocalFree 907->909 910 401cd7-401cd9 907->910 908->907 909->910 912 401ce2-401ceb 910->912 913 401cdb-401cdc FreeLibrary 910->913 913->912
                                                                                APIs
                                                                                • LoadLibraryExA.KERNEL32(netmsg.dll,00000000,00000002,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk,00000000,002A6465), ref: 00401C63
                                                                                • FormatMessageA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk,00000000,002A6465), ref: 00401C8B
                                                                                • LocalFree.KERNEL32(?), ref: 00401CD1
                                                                                • FreeLibrary.KERNEL32(00000000), ref: 00401CDC
                                                                                Strings
                                                                                • netmsg.dll, xrefs: 00401C5E
                                                                                • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk, xrefs: 00401C2D
                                                                                Similarity
                                                                                • API ID: FreeLibrary$FormatLoadLocalMessage
                                                                                • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KyrazonGodot.lnk$netmsg.dll
                                                                                APIs
                                                                                • GetStringTypeW.KERNEL32(00000001,004081F4,00000001,?,00000103,00000001,?,00405CFC,00200020,00000000,?,?,00000000,00000001), ref: 00404F43
                                                                                • GetStringTypeA.KERNEL32(00000000,00000001,004081F0,00000001,?,?,?,00000000,00000001), ref: 00404F5D
                                                                                • GetStringTypeA.KERNEL32(?,?,?,00000000,00200020,00000103,00000001,?,00405CFC,00200020,00000000,?,?,00000000,00000001), ref: 00404F91
                                                                                • MultiByteToWideChar.KERNEL32(00405CFC,00000002,?,00000000,00000000,00000000,00000103,00000001,?,00405CFC,00200020,00000000,?,?,00000000,00000001), ref: 00404FC9
                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?), ref: 0040501F
                                                                                • GetStringTypeW.KERNEL32(?,?,00000000,?,?,?), ref: 00405031
                                                                                Similarity
                                                                                • API ID: StringType$ByteCharMultiWide
                                                                                • String ID:
                                                                                APIs
                                                                                • GetVersionExA.KERNEL32 ref: 00404A21
                                                                                • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00404A56
                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00404AB6
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                APIs
                                                                                • GetStartupInfoA.KERNEL32(?), ref: 00404883
                                                                                • GetFileType.KERNEL32(00000800), ref: 00404929
                                                                                • GetStdHandle.KERNEL32(-000000F6), ref: 00404982
                                                                                • GetFileType.KERNEL32(00000000), ref: 00404990
                                                                                • SetHandleCount.KERNEL32 ref: 004049C7
                                                                                Similarity
                                                                                • API ID: FileHandleType$CountInfoStartup
                                                                                • String ID:
                                                                                APIs
                                                                                • HeapAlloc.KERNEL32(00000000,00002020,?,?,?,?,00404B90), ref: 004067DA
                                                                                • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,?,?,00404B90), ref: 004067FE
                                                                                • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,?,?,00404B90), ref: 00406818
                                                                                • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,?,?,00404B90), ref: 004068D9
                                                                                • HeapFree.KERNEL32(00000000,00000000,?,?,?,?,00404B90), ref: 004068F0
                                                                                Similarity
                                                                                • API ID: AllocVirtual$FreeHeap
                                                                                • String ID:
                                                                                APIs
                                                                                • VirtualFree.KERNEL32(?,00008000,00004000,74DEDFF0,?,00000000), ref: 00406233
                                                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0040628E
                                                                                • HeapFree.KERNEL32(00000000,?), ref: 004062A0
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Free$Virtual$Heap
                                                                                • String ID: -@
                                                                                APIs
                                                                                • WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,00000000,?), ref: 00407112
                                                                                Similarity
                                                                                • API ID: FileWrite
                                                                                • String ID:
                                                                                APIs
                                                                                • GetCPInfo.KERNEL32(00000000,?,?,?,00000000,?,?,00402DF9), ref: 00402EDB
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Info
                                                                                • String ID: p@$p@
                                                                                APIs
                                                                                • GetCPInfo.KERNEL32(?,00000000), ref: 004030E6
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 0000000C.00000002.1986577484.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986637359.0000000000408000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986659879.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986680013.000000000040A000.00000008.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986706230.000000000040C000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986759404.000000000040F000.00000002.00000001.01000000.00000012.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: Info
                                                                                • String ID: $
                                                                                • API String ID: 1807457897-3032137957
                                                                                • Opcode ID: 193a9108bf2fae721e54ffea3e769f283794f08f71930f22d67e2580e0bc7997
                                                                                • Instruction ID: d8e3abf327adfc85c33f230852f3636ca1b15aa8834cc25d044d70c47297e251
                                                                                • Opcode Fuzzy Hash: 193a9108bf2fae721e54ffea3e769f283794f08f71930f22d67e2580e0bc7997
                                                                                • Instruction Fuzzy Hash: 4D415A310042986AEB119F25CE49FEB3F9C9B06701F1408FAD985FB1D2C2394B59D76A
                                                                                APIs
                                                                                • GetVersion.KERNEL32 ref: 00402D91
                                                                                  • Part of subcall function 00404B4A: HeapCreate.KERNELBASE(00000000,00001000,00000000,00402DC9,00000000), ref: 00404B5B
                                                                                  • Part of subcall function 00404B4A: HeapDestroy.KERNEL32 ref: 00404B9A
                                                                                • GetCommandLineA.KERNEL32 ref: 00402DDF
                                                                                  • Part of subcall function 00402E6F: ExitProcess.KERNEL32 ref: 00402E8C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 0000000C.00000002.1986577484.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986637359.0000000000408000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986659879.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986680013.000000000040A000.00000008.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986706230.000000000040C000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986759404.000000000040F000.00000002.00000001.01000000.00000012.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: Heap$CommandCreateDestroyExitLineProcessVersion
                                                                                • String ID: H*m
                                                                                • API String ID: 1387771204-3718304935
                                                                                • Opcode ID: c7a0977b9349a1d30c01abd58d83def3c08bb262b80e4292ab6daf9e85b70786
                                                                                • Instruction ID: 02eb877745b522f99b33b0b935d98505204d0ac594d2280056544b862e450dca
                                                                                • Opcode Fuzzy Hash: c7a0977b9349a1d30c01abd58d83def3c08bb262b80e4292ab6daf9e85b70786
                                                                                • Instruction Fuzzy Hash: AC112EF1940601DFDB08AF66EE46B297765EB84758F10023EF605B72E1DB3D54408B69
                                                                                APIs
                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe,00000104,?,?,?,?,?,?,00402DF9), ref: 004044CE
                                                                                Strings
                                                                                • C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe, xrefs: 004044C2, 004044CC, 004044F1, 00404527
                                                                                • H*m, xrefs: 004044D4
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 0000000C.00000002.1986577484.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986637359.0000000000408000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986659879.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986680013.000000000040A000.00000008.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986706230.000000000040C000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986759404.000000000040F000.00000002.00000001.01000000.00000012.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: FileModuleName
                                                                                • String ID: C:\Users\user\AppData\Local\Programs\KyrazonGodot\resources\app.asar.unpacked\node_modules\windows-shortcuts\lib\shortcut\Shortcut.exe$H*m
                                                                                • API String ID: 514040917-1354865998
                                                                                • Opcode ID: b226ddf778849ff2c88afa2836514ab9893f861d7d2e9a1157e8cc8a3d70ad25
                                                                                • Instruction ID: d469abb2e43a93264971512b3f2a6025c8de6f1afa54191000fd3447a8906820
                                                                                • Opcode Fuzzy Hash: b226ddf778849ff2c88afa2836514ab9893f861d7d2e9a1157e8cc8a3d70ad25
                                                                                • Instruction Fuzzy Hash: 821191B2900118BFC711EB99CDC1D9F77ACEB85368B0001BBF605B7281E6749E04CBA8
                                                                                APIs
                                                                                • HeapReAlloc.KERNEL32(00000000,00000050,?,00000000,004063D5,?,?,?,00000100), ref: 00406635
                                                                                • HeapAlloc.KERNEL32(00000008,000041C4,?,00000000,004063D5,?,?,?,00000100), ref: 00406669
                                                                                • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004,?,00000000,004063D5,?,?,?,00000100), ref: 00406683
                                                                                • HeapFree.KERNEL32(00000000,?,?,00000000,004063D5,?,?,?,00000100), ref: 0040669A
                                                                                Memory Dump Source
                                                                                • Source File: 0000000C.00000002.1986606973.0000000000401000.00000020.00000001.01000000.00000012.sdmp, Offset: 00400000, based on PE: true
                                                                                • Associated: 0000000C.00000002.1986577484.0000000000400000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986637359.0000000000408000.00000002.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986659879.0000000000409000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986680013.000000000040A000.00000008.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986706230.000000000040C000.00000004.00000001.01000000.00000012.sdmp
                                                                                • Associated: 0000000C.00000002.1986759404.000000000040F000.00000002.00000001.01000000.00000012.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_12_2_400000_Shortcut.jbxd
                                                                                Similarity
                                                                                • API ID: AllocHeap$FreeVirtual
                                                                                • String ID:
                                                                                • API String ID: 3499195154-0
                                                                                • Opcode ID: 817a8a581052b96c9f9a72538d17e48b6576cde85557c41beef5e628232b7b87
                                                                                • Instruction ID: 649e2d90f75f34e424309cacc0d0360b212119e466093e87a3bb8a1dc1113c7f
                                                                                • Opcode Fuzzy Hash: 817a8a581052b96c9f9a72538d17e48b6576cde85557c41beef5e628232b7b87
                                                                                • Instruction Fuzzy Hash: 1E1124306006019FD7218F59EE459267BB6FB89724711493DF292FA1F0CB729869CF58