Windows Analysis Report
https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe

Overview

General Information

Sample URL:	https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe
Analysis ID:	1558892
Infos:

Detection

Score:	19
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Binary contains a suspicious time stamp

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to clear windows event logs (to hide its activities)

Contains functionality to communicate with device drivers

Contains functionality to delete services

Contains functionality to dynamically determine API calls

Contains functionality to enumerate device drivers

Contains functionality to enumerate running services

Contains functionality to execute programs as a different user

Contains functionality to get notified if a device is plugged in / out

Contains functionality to launch a process as a different user

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read device registry values (via SetupAPI)

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Drops PE files

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Queries device information via Setup API

Queries information about the installed CPU (vendor, model number etc)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Stores files to the Windows start menu directory

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1000373D CryptAcquireContextW,	14_2_1000373D
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10019770 CryptGenRandom,	14_2_10019770
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_100037E8 CryptReleaseContext,	14_2_100037E8

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log

Jump to behavior

Source:

Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2546629602.0000000010042000.00000002.00000001.01000000.00000008.sdmp, BRD57B.tmp.14.dr

Contains functionality to get notified if a device is plugged in / out

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1001A9E0 memset,RegisterDeviceNotificationW,GetLastError,DestroyWindow,memset,memcmp,RegisterDeviceNotificationW,GetLastError,

14_2_1001A9E0

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456364654.00000000043E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/b/oldnewthing/archive/2004/01/30/65013.aspx
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454456239.0000000004277000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/oldnewthing/archive/2003/08/21/54675.aspx
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456721225.0000000004462000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457469920.00000000044AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456721225.0000000004462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154ds_disconnect_se
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2489513186.0000000005867000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.php
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.phpsions
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2360115787.000000000485B000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454125617.0000000004228000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.micr
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2477574053.000000000515A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tcl.sf.net
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2489513186.0000000005867000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2451285155.0000000003F91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01Stylepy.Text=
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2496434277.0000000005C52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tkcon.sourceforge.net/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2500277412.0000000005EAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wiki.tcl.tk/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2477574053.000000000515A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.activestate.com/tcl/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469983637.0000000004D31000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2486291002.0000000005650000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2462825150.00000000048A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2533012351.0000000006F36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cabrillo.edu/~dbrown/tracker/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2359857859.000000000430C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.wm.edu/~hallyn/des/weak
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2526999767.0000000006C67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.freedesktop.org/standards/shared-mime-info
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454903992.00000000042CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457139415.000000000446C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/character-sets
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2449589557.0000000003913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.inria.fr/koala/colas/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2533012351.0000000006F36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opensourcephysics.org/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457139415.000000000446C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tdom.org
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2375511893.0000000005E69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.bitrock.com/api/1_0

Contains functionality for read data from the clipboard

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1000A360 ArrangeIconicWindows,IsWindowEnabled,IsWindowUnicode,IsWindow,IsWindowVisible,IsZoomed,IsIconic,SetForegroundWindow,ShowCaret,HideCaret,UpdateWindow,DestroyWindow,CloseWindow,OpenIcon,GetParent,GetClassNameW,SetActiveWindow,SetFocus,GetDC,GetWindowRect,GetClientRect,OpenClipboard,RealGetWindowClassW,GetWindowInfo,GetWindowPlacement,GetWindowDC,SetLastError,GetWindowTextW,GetLastError,GetWindowThreadProcessId,SetWindowPos,InvalidateRect,SetWindowPlacement,IsChild,SetWindowTextW,FindWindowExW,GetWindowRgn,SetWindowRgn,OpenThemeData,ReleaseDC,

14_2_1000A360

Contains functionality to modify clipboard data

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_100068E3 SetConsoleOutputCP,SetConsoleCP,GetStdHandle,GetClipboardFormatNameW,GetClipboardData,IsClipboardFormatAvailable,Sleep,GetSystemMetrics,GetComputerNameExW,SetThreadExecutionState,GetThreadDesktop,GetKeyState,GetAsyncKeyState,ImpersonateSelf,UuidCreate,SetCaretBlinkTime,SetLastError,GlobalDeleteAtom,GetLastError,ProcessIdToSessionId,Sleep,MessageBeep,SetCursorPos,SetCaretPos,MapVirtualKeyA,Beep,GetLocaleInfoW,GenerateConsoleCtrlEvent,ExitWindowsEx,AttachThreadInput,OpenInputDesktop,OpenThread,OpenProcess,CreateRoundRectRgn,CreateEllipticRgn,Shell_NotifyIconW,GetModuleHandleExW,SetStdHandle,SetClipboardData,LHashValOfNameSys,GlobalAlloc,CreateConsoleScreenBuffer,

14_2_100068E3

Contains functionality to read the clipboard data

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100068E3

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100068E3

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_100094F1 LogonUserW,CreateDesktopW,GetProfileIntW,GetPrivateProfileIntW,NetLocalGroupAdd,NetGroupAdd,LookupPrivilegeValueW,LookupPrivilegeDisplayNameW,OpenSCManagerW,NetSessionDel,FindWindowW,SetVolumeMountPointW,DefineDosDeviceW,SetVolumeLabelW,MoveFileExW,RegisterEventSourceW,RemoveFontResourceExW,CreateScalableFontResourceW,OpenBackupEventLogW,OpenEventLogW,

14_2_100094F1

Contains functionality to call native functions

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1002696C GetSystemInfo,NtQuerySystemInformation,		14_2_1002696C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10025DCC NtQuerySystemInformation,LoadLibraryA,GetProcAddress,NtQuerySystemInformation,		14_2_10025DCC

Contains functionality to communicate with device drivers

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10005079: DeviceIoControl,

14_2_10005079

Contains functionality to delete services

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10008674 DeleteService,

14_2_10008674

Contains functionality to launch a process as a different user

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002A4D0 CreateProcessW,CreateProcessAsUserW,

14_2_1002A4D0

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100068E3

Detected potential crypto function

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10007850	14_2_10007850
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10027230	14_2_10027230
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1002A828	14_2_1002A828
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001388C	14_2_1001388C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1002E0A8	14_2_1002E0A8
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_100220F4	14_2_100220F4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_100179F0	14_2_100179F0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10023268	14_2_10023268
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10012AA4	14_2_10012AA4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1003FB00	14_2_1003FB00
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001B354	14_2_1001B354
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_100144FC	14_2_100144FC
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10011504	14_2_10011504
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001253C	14_2_1001253C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10021D70	14_2_10021D70
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001E774	14_2_1001E774
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10018778	14_2_10018778
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001FF80	14_2_1001FF80
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_63981C70	14_2_63981C70
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6608700F	14_2_6608700F
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6608AC10	14_2_6608AC10
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66088C13	14_2_66088C13
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_660870B0	14_2_660870B0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_660892C4	14_2_660892C4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66082AD0	14_2_66082AD0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66082530	14_2_66082530
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66089380	14_2_66089380
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66081BB0	14_2_66081BB0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_660899D0	14_2_660899D0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66681E60	14_2_66681E60
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66C01770	14_2_66C01770
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CC90B0	14_2_67CC90B0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CB37A0	14_2_67CB37A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CB77A0	14_2_67CB77A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C9B710	14_2_67C9B710
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CCB6D0	14_2_67CCB6D0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C9C640	14_2_67C9C640
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CDF600	14_2_67CDF600
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CBC51E	14_2_67CBC51E
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CAA4E0	14_2_67CAA4E0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CD53A0	14_2_67CD53A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CE12A0	14_2_67CE12A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CAA275	14_2_67CAA275
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CDF150	14_2_67CDF150
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CB80F0	14_2_67CB80F0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C91DF0	14_2_67C91DF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CA9D10	14_2_67CA9D10
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CA2CC0	14_2_67CA2CC0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CA5CD0	14_2_67CA5CD0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C8FC60	14_2_67C8FC60
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C99A00	14_2_67C99A00
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CC0950	14_2_67CC0950
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CA2830	14_2_67CA2830
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E065F0	14_2_67E065F0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E07500	14_2_67E07500
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E0CE90	14_2_67E0CE90
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E04A10	14_2_67E04A10
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A187210	14_2_6A187210
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A18BA50	14_2_6A18BA50
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19CA50	14_2_6A19CA50
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A190710	14_2_6A190710
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19C310	14_2_6A19C310
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19CF00	14_2_6A19CF00
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A198B30	14_2_6A198B30
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A189370	14_2_6A189370
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A198F80	14_2_6A198F80
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19EBA0	14_2_6A19EBA0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A196FF0	14_2_6A196FF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A188C20	14_2_6A188C20
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A182040	14_2_6A182040
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19F090	14_2_6A19F090
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A1918C0	14_2_6A1918C0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A18ACF0	14_2_6A18ACF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A194D40	14_2_6A194D40
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A196D80	14_2_6A196D80
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A18C1E0	14_2_6A18C1E0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A18DDE0	14_2_6A18DDE0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6CA01AF0	14_2_6CA01AF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710C6D70	14_2_710C6D70
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710CC370	14_2_710CC370
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710C1B90	14_2_710C1B90
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710C89C0	14_2_710C89C0

Found potential string decryption / allocating functions

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 67CB4730 appears 123 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 67CE3058 appears 51 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 6A182730 appears 143 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 1003B820 appears 31 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 10001BC8 appears 674 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 67CB5D20 appears 50 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 6A182690 appears 67 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 67CE2FA0 appears 36 times

PE file contains more sections than normal

Source: BRDE4F.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD60B.tmp.14.dr	Static PE information: Number of sections : 11 > 10
Source: BRD51C.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD63B.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: Unconfirmed 415754.crdownload.0.dr	Static PE information: Number of sections : 12 > 10
Source: BRDE60.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr	Static PE information: Number of sections : 12 > 10
Source: BRD64B.tmp.14.dr	Static PE information: Number of sections : 11 > 10
Source: BRD5DA.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD9E8.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD7E3.tmp.14.dr	Static PE information: Number of sections : 11 > 10
Source: BRD9C8.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD5FA.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRDE3F.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRDE70.tmp.14.dr	Static PE information: Number of sections : 16 > 10

PE file does not import any functions

Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr

Static PE information: No import functions for PE file found

PE file overlay found

Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr

Static PE information: Data appended to the last section found

Source: classification engine

Classification label: clean19.win@22/23@0/11

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002E68C AdjustTokenPrivileges,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,AdjustTokenPrivileges,

14_2_1002E68C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1001C0BC GetDiskFreeSpaceExW,

14_2_1001C0BC

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: lstrcmpW,CreateServiceW,

14_2_1003237C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10038C3C CoCreateInstance,

14_2_10038C3C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002BFB0 SizeofResource,LoadResource,LockResource,

14_2_1002BFB0

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1003213C lstrcmpW,ChangeServiceConfigW,

14_2_1003213C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10032EB8 StartServiceCtrlDispatcherW,

14_2_10032EB8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\d3599b48-6882-4652-928c-7c3771e8e95b.tmp

Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc

Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Tracker-6.2.0-windows-x64-installer.exe	String found in binary or memory: -address
Source: Tracker-6.2.0-windows-x64-installer.exe	String found in binary or memory: -startdoctypedeclcommand
Source: Tracker-6.2.0-windows-x64-installer.exe	String found in binary or memory: -startcdatasectioncommand
Source: Tracker-6.2.0-windows-x64-installer.exe	String found in binary or memory: -startnamespacedeclcommand

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe "C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe "C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: textshaping.dll	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:

Binary contains a suspicious time stamp

Source: BRD60B.tmp.14.dr

Static PE information: 0xA418A410 [Thu Mar 29 07:58:08 2057 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10027014 LoadLibraryA,GetProcAddress,

14_2_10027014

PE file contains an invalid checksum

Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr

Static PE information: real checksum: 0x2f7f82 should be: 0x9057

PE file contains sections with non-standard names

Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr	Static PE information: section name: .xdata
Source: Unconfirmed 415754.crdownload.0.dr	Static PE information: section name: .xdata
Source: BRD51C.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD51C.tmp.14.dr	Static PE information: section name: /4
Source: BRD51C.tmp.14.dr	Static PE information: section name: /19
Source: BRD51C.tmp.14.dr	Static PE information: section name: /31
Source: BRD51C.tmp.14.dr	Static PE information: section name: /45
Source: BRD51C.tmp.14.dr	Static PE information: section name: /57
Source: BRD5DA.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /4
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /19
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /31
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /45
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /57
Source: BRD5FA.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /4
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /19
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /31
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /45
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /57
Source: BRD60B.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD63B.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD63B.tmp.14.dr	Static PE information: section name: /4
Source: BRD63B.tmp.14.dr	Static PE information: section name: /19
Source: BRD63B.tmp.14.dr	Static PE information: section name: /31
Source: BRD63B.tmp.14.dr	Static PE information: section name: /45
Source: BRD63B.tmp.14.dr	Static PE information: section name: /57
Source: BRD64B.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD7E3.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD9C8.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /4
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /19
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /31
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /45
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /57
Source: BRD9E8.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /4
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /19
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /31
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /45
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /57
Source: BRDE3F.tmp.14.dr	Static PE information: section name: .xdata
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /4
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /19
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /31
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /45
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /57
Source: BRDE4F.tmp.14.dr	Static PE information: section name: .xdata
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /4
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /19
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /31
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /45
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /57
Source: BRDE60.tmp.14.dr	Static PE information: section name: .xdata
Source: BRDE60.tmp.14.dr	Static PE information: section name: /4
Source: BRDE60.tmp.14.dr	Static PE information: section name: /19
Source: BRDE60.tmp.14.dr	Static PE information: section name: /31
Source: BRDE60.tmp.14.dr	Static PE information: section name: /45
Source: BRDE60.tmp.14.dr	Static PE information: section name: /57
Source: BRDE70.tmp.14.dr	Static PE information: section name: .xdata
Source: BRDE70.tmp.14.dr	Static PE information: section name: /4
Source: BRDE70.tmp.14.dr	Static PE information: section name: /19
Source: BRDE70.tmp.14.dr	Static PE information: section name: /31
Source: BRDE70.tmp.14.dr	Static PE information: section name: /45
Source: BRDE70.tmp.14.dr	Static PE information: section name: /57

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6609164E push rbx; ret	14_2_6609164F
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CEAC4A push rsi; ret	14_2_67CEAC4D
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CEA962 push qword ptr [rdx]; ret	14_2_67CEA965
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CEA912 push qword ptr [rdx]; ret	14_2_67CEA915
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C58A97B push rdx; iretd	14_2_6C58A986
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C587B68 push rax; iretd	14_2_6C587B76
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C589267 push rsp; retf	14_2_6C589280
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C589FE1 push rbp; retf	14_2_6C589FE4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C5861E4 push 0000004Ch; iretd	14_2_6C5861E6

Drops PE files

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 415754.crdownload	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD64B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9E8.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\d3599b48-6882-4652-928c-7c3771e8e95b.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD60B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5DA.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD63B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE60.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9C8.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE4F.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD7E3.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5FA.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD57B.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe (copy)	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE3F.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE70.tmp	Jump to dropped file

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_100325F8 StartServiceW,

14_2_100325F8

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_1000A360

Contains functionality to clear windows event logs (to hide its activities)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1000B408 OpenServiceW,FillConsoleOutputCharacterW,WriteConsoleW,GetServiceDisplayNameW,GetServiceKeyNameW,ClearEventLogW,BackupEventLogW,

14_2_1000B408

Contains functionality to enumerate device drivers

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: EnumDeviceDrivers,

14_2_10029BB8

Contains functionality to enumerate running services

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: EnumServicesStatusExW,GetLastError,

14_2_100317C4

Contains functionality to read device registry values (via SetupAPI)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10019AC8 SetupDiGetDeviceRegistryPropertyW,GetLastError,SetupDiGetDeviceRegistryPropertyW,

14_2_10019AC8

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD64B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9E8.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD60B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5DA.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD63B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE60.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9C8.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE4F.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD7E3.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5FA.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD57B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE3F.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE70.tmp	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

API coverage: 2.0 %

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002696C GetSystemInfo,NtQuerySystemInformation,

14_2_1002696C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a de Fonte Aberta de VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Loodud VMware InstallBuilderi avatud l
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$sllation.DeletingRegistryKeys=
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Erstellt mit einer Testversion des VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en evalueringsversion af VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a Open Source do VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sKreirano sa evaluacionom verzijom VMware InstallBuilder-a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e Aberta de VMware InstallBuilder para
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2478005999.000000000519C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lappend Btvxo /Library/Java/JavaVirtualMachines//Home/bin/java /Library/Java/JavaVirtualMachines//*/Home/bin/java
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creat cu o licenta Open Source a VMware InstallBuilder pentru %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ? ponownie teraz? VMware InstallBuilder dla %1$s si
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: af VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2446127260.0000000003664000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWAREOEM -
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$sdeleting service %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 4 osx-arm64 osx-ppc osx-10.2}uLHWW com.vmware.installbuilder.installercYjJt 1version 3.0
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuildereatingShortcut=Opretter genvej for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2488972247.00000000057DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: set uLHWW com.vmware.installbuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1$VMware InstallBuilder-a za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: av VMware Ins
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: digo abierto de VMware InstallBuilder para %1$srettelse af biblioteket %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a %2$s VMware InstallBuilder%$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rderingsversion av VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: digo abierto de VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een evaluatieversie van VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder.
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2498671716.0000000005DA1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: if {[string match BITROCKOEM [$licenseInfo cget -organization]] \|\| [string match VMWAREOEM [$licenseInfo cget -organization]]} {
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nga %1su VMware InstallBuilder pre %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: oLoodud kasutades VMware InstallBuilderi prooviversiooni
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <string>VMware InstallBuilder, Copyright %s-%s VMware, Inc.</string>
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilder%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ico VMware InstallBuilderja
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rama VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UFout bij wijzigen groep van %1$s naar %2$sigen groep van %1$s naar %2$s VMware InsallBuilder voor %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371980455.000000000581F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::iiDwP::uLHWWriable uLHWW com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: yIzdelano z odprtokodno licenco VMware InstallBuilder za %1$sReading=Napaka med branjem INI datoteke %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _Tervetuloa tuotteen %1$s ohjattuun asennukseen.ohjattuun asennukseen.erto de VMware InstallBilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avec une licence Open Source license de VMware InstallBuilder pour %1$ser.Error.Base64DecodeEmptyString=Ne peut pas d
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder'in deneme s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce do VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371980455.000000000581F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: riable uLHWW com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder%
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Luotu VMware InstallBuilderin %1$s-version avoimen l
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ]Luotu VMware InstallBuilderin kokeiluversiollanstallBuilderin kokeiluversiollario %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una licenza Open Source di VMware InstallBuilder per %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ncia de codi obert del VMware InstallBuilder per a %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: u VMware InstallBuilder pre %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nz von VMware Inst
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tu VMware InstallBuilder priek
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilde pour %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilder pour
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rograma VMware InstallBuilder za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371746703.0000000006A9B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sOnly available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: licencji Open Source programu VMware InstallBuilder dla %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2451285155.0000000003F91000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tip {Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano Open Source licencom programa VMware InstallBuilder za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilderja
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: licencji Open Source programuVMware InstallB
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programa VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2499233771.0000000005DE3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: il::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Ins
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: om VMware InstallBuilder-amas
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urim i hapur i VMware InstallBuilder p
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2446127260.0000000003664000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: About VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371980455.000000000581F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: icon programa VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2502846412.0000000005FF6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rderingsversion av VMware InstallBuilder des abschlie
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: pod licenciou Open Source programu VMware InstallBuilder pre %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\%2$sntuk %1$sVMware InstallBuilder unuk %1$s ?
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e Aberta de VMware InstallBuilder para%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uLHWW com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilderackageNametrycription
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: gCrewyd gyda fersiwn gwerthuso VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder %1$s.Update.mirror.title=
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461592093.00000000047DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $com.vmware.installbuilder.installerPAf
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder-a za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: proc Kt_LQ {EOTnn mxtLu DlVtN jXCBl {runAsAdmin 0} {brGJd 0} {osxPlatforms {osx-intel osx-x86_64 osx-arm64 osx-ppc osx-10.2}} {uLHWW com.vmware.installbuilder.installer} {cYjJt 1} {version 3.0}} {
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Luotu VMware InstallBuilderin kokeiluversiolla
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n VMware InstallBuilder-in A
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: verzi VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wOprettet med en evalueringsversion af VMware InstallBuilderEnterKey=Stiskn
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en Open Source-licens for VMware InstallBuilder%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: testovacou verziou programu VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a de Fonte Aberta de VMware InstallBuilder para %1$s1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: om VMware InstallBuilder-a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programaVMware InstallBuilderoni
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: i ober del VMware InstallBuilder per a %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avec une licence Open Source license de VMware InstallBuilder pour %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: in VMware InstallBuilder programmasyny
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2446127260.0000000003664000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWAREOEM
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Crewyd gyda fersiwn gwerthuso VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creat cu o versiune de evaluare VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a VMware InstallBuilder pentru %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: valuation de VMware InstallBuilder%2$s --- Contruit sur %3$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sGemaakt met een evaluatieversie van VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano sa evaluacionom verzijom VMware InstallBuilder-a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1$snz von VMware InstllBuilder f
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Dibuat dengan versi evaluasi VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /Restauration de %1$s...nse de VMware InstallBi
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eno v Open Source verzi VMware InstallBuilder pro %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilder pour%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: valuation de VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lt a VMware InstallBuilder Open Source licenc
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371980455.000000000581F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2499729911.0000000005E25000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::util::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eDibuat dengan versi evaluasi VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ion av VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: des VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nga Burim i hapur i VMware InstallBuilder p
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: erto de VMware InstallB
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avec une licence OpenSource license de VMware InstallBuilder pour %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$sr.Parameter.KeyFile.explanation=Geef het sleutelbestand voor de installtie van ${product_fullname} aan
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Izveidots ar VMware InstallBuilder izm
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qErstellt mit einer Testversion des VMware InstallBuilderp-Programms l
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder tresnak %1$s-(e)rako kode irekiko lizentziarekin irekitzen da
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilderintreg sistemul pot fi create numai de catre un administrtornten die u niet wilt verwijderen. Klik op Volgende als u klaar bent om door te gaan.
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder tresnaren ebaluazio-bertsioarekin sortu da
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreiran sa Open Source licencom od VMware InstallBuilder-a za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder error occurred when locating command '%1$s'
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$slation.GetWindowsAccountRights=Unable to get account rights for %1$sInstaller.Launch.Product=Launch ${project.fullName} now
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuilderctorio: no se ha definido el destino
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2510586587.00000000063EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: av VMware InsallBuilder f
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: del VMware InstallBuilder per a %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder %1$s.
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: verzi VMware InstallBuildern ble ikke modifisertere
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uIzveidots ar VMware InstallBuilder izm
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2499233771.0000000005DE3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::ACCxm::FnRqcil::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2510586587.00000000063EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ereen! VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2369447178.000000000451E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder HTTP Client
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uVMware InstallBuilder synag go
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nse de VMware InstallB
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2502846412.0000000005FF6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Installer\a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuildertori: no s'ha definit la destinaci
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Izdelano z odprtokodno licenco VMware InstallBuilder za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder un
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2439090395.0000000000AE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallB
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kCreat cu o versiune de evaluare VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Source license de VMware InstallBuilder pour %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilde
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371746703.0000000006A9B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilderxt=Sprawdzanie Aktualizacji
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: llicens av VMware InstallBuilder f
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lt a VMware InstallBuilder pr
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: io af VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an evaluation version of VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Erstellt mit einer Open Source Lizenz von VMware InstallBuilder f
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Dibuat dengan lisensi Sumber Terbuka VMware InstallBuilder untuk %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: in VMware InstallBuilder'in A
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder, a Configura
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2499729911.0000000005E25000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::util::Hgstt . {About VMware InstallBuilder} {}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465764424.0000000004AA1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: defaultValue {VMware InstallBuilder}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461186931.0000000004794000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <string>VMware InstallBuilder</string>
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Loodud kasutades VMware InstallBuilderi prooviversiooni
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder-in s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder synag go
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2369447178.000000000451E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "VMware InstallBuilder HTTP ClientU

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10027014 LoadLibraryA,GetProcAddress,

14_2_10027014

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1003F39C GetProcessHeap,HeapAlloc,

14_2_1003F39C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_51FF1F30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_51FF1F30
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_52003D30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_52003D30
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_63102740 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_63102740
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_63983070 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_63983070
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6608D5A0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6608D5A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66683CC0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_66683CC0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66C09560 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_66C09560
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CDDBA0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_67CDDBA0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E0EC60 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_67E0EC60
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19AFE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6A19AFE0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C581DF0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6C581DF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6CA020A0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6CA020A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710D08B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	14_2_710D08B0

Contains functionality to execute programs as a different user

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100094F1

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002D7EC InitializeSecurityDescriptor,SetSecurityDescriptorControl,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,SetSecurityDescriptorDacl,SetSecurityDescriptorSacl,

14_2_1002D7EC

Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute progman progman [format {[ShowGroup("%s",6)]} $tCByq]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::UCmrK::Bidth]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::metadataObject::ADdvoAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469443358.0000000004CE6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,,,,,"%s")]} $Dwy2A $LBLLO $name $n1aXo]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AN PROGMAN [format {[DeleteGroup("%s")]} $::maui::
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2487190765.00000000056D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469443358.0000000004CE6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,"%s",,,,"%s")]} $Dwy2A $LBLLO $name $WfzhF $n1aXo]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[CreateGroup("%s")]} $tCByq]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: catch {dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $tCByq]}

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: SetConsoleOutputCP,SetConsoleCP,GetStdHandle,GetClipboardFormatNameW,GetClipboardData,IsClipboardFormatAvailable,Sleep,GetSystemMetrics,GetComputerNameExW,SetThreadExecutionState,GetThreadDesktop,GetKeyState,GetAsyncKeyState,ImpersonateSelf,UuidCreate,SetCaretBlinkTime,SetLastError,GlobalDeleteAtom,GetLastError,ProcessIdToSessionId,Sleep,MessageBeep,SetCursorPos,SetCaretPos,MapVirtualKeyA,Beep,GetLocaleInfoW,GenerateConsoleCtrlEvent,ExitWindowsEx,AttachThreadInput,OpenInputDesktop,OpenThread,OpenProcess,CreateRoundRectRgn,CreateEllipticRgn,Shell_NotifyIconW,GetModuleHandleExW,SetStdHandle,SetClipboardData,LHashValOfNameSys,GlobalAlloc,CreateConsoleScreenBuffer,

14_2_100068E3

Queries device information via Setup API

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10019AC8 SetupDiGetDeviceRegistryPropertyW,GetLastError,SetupDiGetDeviceRegistryPropertyW,

14_2_10019AC8

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Queries the product ID of Windows

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Queries volume information: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Queries volume information: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior

Queries time zone information

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias

Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10021D70 CreateNamedPipeW,CreateEventA,CreateEventA,CreateEventA,wsprintfA,GetLastError,

14_2_10021D70

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10002030 GetSystemTimeAsFileTime,

14_2_10002030

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002DD6C LookupAccountNameW,GetLastError,LookupAccountNameW,GetLastError,lstrlenW,lstrlenW,memcpy,memcpy,

14_2_1002DD6C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_100023F0 GetTimeZoneInformation,

14_2_100023F0

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10025FF4 GetVersionExW,

14_2_10025FF4

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_100144FC OleRun,CLSIDFromString,VariantInit,GetRecordInfoFromTypeInfo,RegisterTypeLib,CLSIDFromString,VariantInit,VariantInit,CLSIDFromString,LoadRegTypeLib,UnRegisterTypeLib,QueryPathOfRegTypeLib,GetRecordInfoFromGuids,CreateBindCtx,CreateFileMoniker,LoadTypeLibEx,CLSIDFromString,CoCreateInstance,CLSIDFromProgID,ProgIDFromCLSID,GetActiveObject,CoGetObject,SysFreeString,SysFreeString,SysFreeString,

14_2_100144FC

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
165.227.222.255	unknown	United States	14061	DIGITALOCEAN-ASNUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.212.142	unknown	United States	15169	GOOGLEUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.4

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1000373D CryptAcquireContextW,	14_2_1000373D
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10019770 CryptGenRandom,	14_2_10019770
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_100037E8 CryptReleaseContext,	14_2_100037E8

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log

Jump to behavior

Source:

Contains functionality to get notified if a device is plugged in / out

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1001A9E0 memset,RegisterDeviceNotificationW,GetLastError,DestroyWindow,memset,memcmp,RegisterDeviceNotificationW,GetLastError,

14_2_1001A9E0

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456364654.00000000043E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/b/oldnewthing/archive/2004/01/30/65013.aspx
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454456239.0000000004277000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blogs.msdn.com/oldnewthing/archive/2003/08/21/54675.aspx
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456721225.0000000004462000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457469920.00000000044AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456721225.0000000004462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154ds_disconnect_se
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2489513186.0000000005867000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.php
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://download.bitrock.com/feedback.phpsions
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2360115787.000000000485B000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454125617.0000000004228000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://support.micr
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2477574053.000000000515A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tcl.sf.net
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2489513186.0000000005867000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2451285155.0000000003F91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://timestamp.apple.com/ts01Stylepy.Text=
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2496434277.0000000005C52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tkcon.sourceforge.net/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2500277412.0000000005EAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wiki.tcl.tk/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2477574053.000000000515A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.activestate.com/tcl/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469983637.0000000004D31000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2486291002.0000000005650000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2462825150.00000000048A1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2533012351.0000000006F36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cabrillo.edu/~dbrown/tracker/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2359857859.000000000430C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.wm.edu/~hallyn/des/weak
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2526999767.0000000006C67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.freedesktop.org/standards/shared-mime-info
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454903992.00000000042CE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457139415.000000000446C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/character-sets
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2449589557.0000000003913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.inria.fr/koala/colas/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2533012351.0000000006F36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.opensourcephysics.org/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457139415.000000000446C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tdom.org
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2375511893.0000000005E69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://update.bitrock.com/api/1_0

Contains functionality for read data from the clipboard

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_1000A360

Contains functionality to modify clipboard data

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100068E3

Contains functionality to read the clipboard data

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100068E3

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100068E3

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100094F1

Contains functionality to call native functions

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1002696C GetSystemInfo,NtQuerySystemInformation,		14_2_1002696C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10025DCC NtQuerySystemInformation,LoadLibraryA,GetProcAddress,NtQuerySystemInformation,		14_2_10025DCC

Contains functionality to communicate with device drivers

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10005079: DeviceIoControl,

14_2_10005079

Contains functionality to delete services

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10008674 DeleteService,

14_2_10008674

Contains functionality to launch a process as a different user

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002A4D0 CreateProcessW,CreateProcessAsUserW,

14_2_1002A4D0

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100068E3

Detected potential crypto function

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10007850	14_2_10007850
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10027230	14_2_10027230
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1002A828	14_2_1002A828
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001388C	14_2_1001388C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1002E0A8	14_2_1002E0A8
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_100220F4	14_2_100220F4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_100179F0	14_2_100179F0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10023268	14_2_10023268
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10012AA4	14_2_10012AA4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1003FB00	14_2_1003FB00
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001B354	14_2_1001B354
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_100144FC	14_2_100144FC
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10011504	14_2_10011504
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001253C	14_2_1001253C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10021D70	14_2_10021D70
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001E774	14_2_1001E774
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_10018778	14_2_10018778
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_1001FF80	14_2_1001FF80
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_63981C70	14_2_63981C70
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6608700F	14_2_6608700F
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6608AC10	14_2_6608AC10
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66088C13	14_2_66088C13
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_660870B0	14_2_660870B0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_660892C4	14_2_660892C4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66082AD0	14_2_66082AD0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66082530	14_2_66082530
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66089380	14_2_66089380
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66081BB0	14_2_66081BB0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_660899D0	14_2_660899D0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66681E60	14_2_66681E60
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66C01770	14_2_66C01770
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CC90B0	14_2_67CC90B0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CB37A0	14_2_67CB37A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CB77A0	14_2_67CB77A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C9B710	14_2_67C9B710
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CCB6D0	14_2_67CCB6D0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C9C640	14_2_67C9C640
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CDF600	14_2_67CDF600
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CBC51E	14_2_67CBC51E
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CAA4E0	14_2_67CAA4E0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CD53A0	14_2_67CD53A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CE12A0	14_2_67CE12A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CAA275	14_2_67CAA275
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CDF150	14_2_67CDF150
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CB80F0	14_2_67CB80F0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C91DF0	14_2_67C91DF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CA9D10	14_2_67CA9D10
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CA2CC0	14_2_67CA2CC0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CA5CD0	14_2_67CA5CD0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C8FC60	14_2_67C8FC60
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67C99A00	14_2_67C99A00
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CC0950	14_2_67CC0950
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CA2830	14_2_67CA2830
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E065F0	14_2_67E065F0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E07500	14_2_67E07500
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E0CE90	14_2_67E0CE90
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E04A10	14_2_67E04A10
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A187210	14_2_6A187210
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A18BA50	14_2_6A18BA50
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19CA50	14_2_6A19CA50
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A190710	14_2_6A190710
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19C310	14_2_6A19C310
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19CF00	14_2_6A19CF00
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A198B30	14_2_6A198B30
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A189370	14_2_6A189370
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A198F80	14_2_6A198F80
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19EBA0	14_2_6A19EBA0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A196FF0	14_2_6A196FF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A188C20	14_2_6A188C20
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A182040	14_2_6A182040
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19F090	14_2_6A19F090
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A1918C0	14_2_6A1918C0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A18ACF0	14_2_6A18ACF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A194D40	14_2_6A194D40
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A196D80	14_2_6A196D80
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A18C1E0	14_2_6A18C1E0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A18DDE0	14_2_6A18DDE0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6CA01AF0	14_2_6CA01AF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710C6D70	14_2_710C6D70
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710CC370	14_2_710CC370
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710C1B90	14_2_710C1B90
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710C89C0	14_2_710C89C0

Found potential string decryption / allocating functions

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 67CB4730 appears 123 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 67CE3058 appears 51 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 6A182730 appears 143 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 1003B820 appears 31 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 10001BC8 appears 674 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 67CB5D20 appears 50 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 6A182690 appears 67 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: String function: 67CE2FA0 appears 36 times

PE file contains more sections than normal

Source: BRDE4F.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD60B.tmp.14.dr	Static PE information: Number of sections : 11 > 10
Source: BRD51C.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD63B.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: Unconfirmed 415754.crdownload.0.dr	Static PE information: Number of sections : 12 > 10
Source: BRDE60.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr	Static PE information: Number of sections : 12 > 10
Source: BRD64B.tmp.14.dr	Static PE information: Number of sections : 11 > 10
Source: BRD5DA.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD9E8.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD7E3.tmp.14.dr	Static PE information: Number of sections : 11 > 10
Source: BRD9C8.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRD5FA.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRDE3F.tmp.14.dr	Static PE information: Number of sections : 16 > 10
Source: BRDE70.tmp.14.dr	Static PE information: Number of sections : 16 > 10

PE file does not import any functions

Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr

Static PE information: No import functions for PE file found

PE file overlay found

Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr

Static PE information: Data appended to the last section found

Source: classification engine

Classification label: clean19.win@22/23@0/11

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002E68C AdjustTokenPrivileges,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,AdjustTokenPrivileges,

14_2_1002E68C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1001C0BC GetDiskFreeSpaceExW,

14_2_1001C0BC

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: lstrcmpW,CreateServiceW,

14_2_1003237C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10038C3C CoCreateInstance,

14_2_10038C3C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002BFB0 SizeofResource,LoadResource,LockResource,

14_2_1002BFB0

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1003213C lstrcmpW,ChangeServiceConfigW,

14_2_1003213C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10032EB8 StartServiceCtrlDispatcherW,

14_2_10032EB8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\d3599b48-6882-4652-928c-7c3771e8e95b.tmp

Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc

Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Tracker-6.2.0-windows-x64-installer.exe	String found in binary or memory: -address
Source: Tracker-6.2.0-windows-x64-installer.exe	String found in binary or memory: -startdoctypedeclcommand
Source: Tracker-6.2.0-windows-x64-installer.exe	String found in binary or memory: -startcdatasectioncommand
Source: Tracker-6.2.0-windows-x64-installer.exe	String found in binary or memory: -startnamespacedeclcommand

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe "C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe "C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Section loaded: textshaping.dll	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:

Binary contains a suspicious time stamp

Source: BRD60B.tmp.14.dr

Static PE information: 0xA418A410 [Thu Mar 29 07:58:08 2057 UTC]

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10027014 LoadLibraryA,GetProcAddress,

14_2_10027014

PE file contains an invalid checksum

Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr

Static PE information: real checksum: 0x2f7f82 should be: 0x9057

PE file contains sections with non-standard names

Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr	Static PE information: section name: .xdata
Source: Unconfirmed 415754.crdownload.0.dr	Static PE information: section name: .xdata
Source: BRD51C.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD51C.tmp.14.dr	Static PE information: section name: /4
Source: BRD51C.tmp.14.dr	Static PE information: section name: /19
Source: BRD51C.tmp.14.dr	Static PE information: section name: /31
Source: BRD51C.tmp.14.dr	Static PE information: section name: /45
Source: BRD51C.tmp.14.dr	Static PE information: section name: /57
Source: BRD5DA.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /4
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /19
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /31
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /45
Source: BRD5DA.tmp.14.dr	Static PE information: section name: /57
Source: BRD5FA.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /4
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /19
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /31
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /45
Source: BRD5FA.tmp.14.dr	Static PE information: section name: /57
Source: BRD60B.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD63B.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD63B.tmp.14.dr	Static PE information: section name: /4
Source: BRD63B.tmp.14.dr	Static PE information: section name: /19
Source: BRD63B.tmp.14.dr	Static PE information: section name: /31
Source: BRD63B.tmp.14.dr	Static PE information: section name: /45
Source: BRD63B.tmp.14.dr	Static PE information: section name: /57
Source: BRD64B.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD7E3.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD9C8.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /4
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /19
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /31
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /45
Source: BRD9C8.tmp.14.dr	Static PE information: section name: /57
Source: BRD9E8.tmp.14.dr	Static PE information: section name: .xdata
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /4
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /19
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /31
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /45
Source: BRD9E8.tmp.14.dr	Static PE information: section name: /57
Source: BRDE3F.tmp.14.dr	Static PE information: section name: .xdata
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /4
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /19
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /31
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /45
Source: BRDE3F.tmp.14.dr	Static PE information: section name: /57
Source: BRDE4F.tmp.14.dr	Static PE information: section name: .xdata
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /4
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /19
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /31
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /45
Source: BRDE4F.tmp.14.dr	Static PE information: section name: /57
Source: BRDE60.tmp.14.dr	Static PE information: section name: .xdata
Source: BRDE60.tmp.14.dr	Static PE information: section name: /4
Source: BRDE60.tmp.14.dr	Static PE information: section name: /19
Source: BRDE60.tmp.14.dr	Static PE information: section name: /31
Source: BRDE60.tmp.14.dr	Static PE information: section name: /45
Source: BRDE60.tmp.14.dr	Static PE information: section name: /57
Source: BRDE70.tmp.14.dr	Static PE information: section name: .xdata
Source: BRDE70.tmp.14.dr	Static PE information: section name: /4
Source: BRDE70.tmp.14.dr	Static PE information: section name: /19
Source: BRDE70.tmp.14.dr	Static PE information: section name: /31
Source: BRDE70.tmp.14.dr	Static PE information: section name: /45
Source: BRDE70.tmp.14.dr	Static PE information: section name: /57

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6609164E push rbx; ret	14_2_6609164F
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CEAC4A push rsi; ret	14_2_67CEAC4D
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CEA962 push qword ptr [rdx]; ret	14_2_67CEA965
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CEA912 push qword ptr [rdx]; ret	14_2_67CEA915
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C58A97B push rdx; iretd	14_2_6C58A986
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C587B68 push rax; iretd	14_2_6C587B76
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C589267 push rsp; retf	14_2_6C589280
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C589FE1 push rbp; retf	14_2_6C589FE4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C5861E4 push 0000004Ch; iretd	14_2_6C5861E6

Drops PE files

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 415754.crdownload	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD64B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9E8.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\d3599b48-6882-4652-928c-7c3771e8e95b.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD60B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5DA.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD63B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE60.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9C8.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE4F.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD7E3.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5FA.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD57B.tmp	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe (copy)	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE3F.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE70.tmp	Jump to dropped file

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_100325F8 StartServiceW,

14_2_100325F8

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_1000A360

Contains functionality to clear windows event logs (to hide its activities)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1000B408 OpenServiceW,FillConsoleOutputCharacterW,WriteConsoleW,GetServiceDisplayNameW,GetServiceKeyNameW,ClearEventLogW,BackupEventLogW,

14_2_1000B408

Contains functionality to enumerate device drivers

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: EnumDeviceDrivers,

14_2_10029BB8

Contains functionality to enumerate running services

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: EnumServicesStatusExW,GetLastError,

14_2_100317C4

Contains functionality to read device registry values (via SetupAPI)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10019AC8 SetupDiGetDeviceRegistryPropertyW,GetLastError,SetupDiGetDeviceRegistryPropertyW,

14_2_10019AC8

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD64B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9E8.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD60B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5DA.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD63B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE60.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9C8.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE4F.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD7E3.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5FA.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD57B.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE3F.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE70.tmp	Jump to dropped file

Found large amount of non-executed APIs

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

API coverage: 2.0 %

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002696C GetSystemInfo,NtQuerySystemInformation,

14_2_1002696C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior

Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a de Fonte Aberta de VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Loodud VMware InstallBuilderi avatud l
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$sllation.DeletingRegistryKeys=
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Erstellt mit einer Testversion des VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en evalueringsversion af VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a Open Source do VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sKreirano sa evaluacionom verzijom VMware InstallBuilder-a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e Aberta de VMware InstallBuilder para
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2478005999.000000000519C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lappend Btvxo /Library/Java/JavaVirtualMachines//Home/bin/java /Library/Java/JavaVirtualMachines//*/Home/bin/java
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creat cu o licenta Open Source a VMware InstallBuilder pentru %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ? ponownie teraz? VMware InstallBuilder dla %1$s si
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: af VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2446127260.0000000003664000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWAREOEM -
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$sdeleting service %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 4 osx-arm64 osx-ppc osx-10.2}uLHWW com.vmware.installbuilder.installercYjJt 1version 3.0
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuildereatingShortcut=Opretter genvej for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2488972247.00000000057DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: set uLHWW com.vmware.installbuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1$VMware InstallBuilder-a za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: av VMware Ins
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: digo abierto de VMware InstallBuilder para %1$srettelse af biblioteket %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a %2$s VMware InstallBuilder%$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rderingsversion av VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: digo abierto de VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een evaluatieversie van VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder.
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2498671716.0000000005DA1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: if {[string match BITROCKOEM [$licenseInfo cget -organization]] \|\| [string match VMWAREOEM [$licenseInfo cget -organization]]} {
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nga %1su VMware InstallBuilder pre %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: oLoodud kasutades VMware InstallBuilderi prooviversiooni
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <string>VMware InstallBuilder, Copyright %s-%s VMware, Inc.</string>
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una versione di valutazione di VMware InstallBuilder%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ico VMware InstallBuilderja
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rama VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UFout bij wijzigen groep van %1$s naar %2$sigen groep van %1$s naar %2$s VMware InsallBuilder voor %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371980455.000000000581F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::iiDwP::uLHWWriable uLHWW com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: yIzdelano z odprtokodno licenco VMware InstallBuilder za %1$sReading=Napaka med branjem INI datoteke %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: _Tervetuloa tuotteen %1$s ohjattuun asennukseen.ohjattuun asennukseen.erto de VMware InstallBilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avec une licence Open Source license de VMware InstallBuilder pour %1$ser.Error.Base64DecodeEmptyString=Ne peut pas d
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder'in deneme s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce do VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371980455.000000000581F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: riable uLHWW com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder%
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Luotu VMware InstallBuilderin %1$s-version avoimen l
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ]Luotu VMware InstallBuilderin kokeiluversiollanstallBuilderin kokeiluversiollario %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creato con una licenza Open Source di VMware InstallBuilder per %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ncia de codi obert del VMware InstallBuilder per a %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: u VMware InstallBuilder pre %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nz von VMware Inst
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tu VMware InstallBuilder priek
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilde pour %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilder pour
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rograma VMware InstallBuilder za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371746703.0000000006A9B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sOnly available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: licencji Open Source programu VMware InstallBuilder dla %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2451285155.0000000003F91000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tip {Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano Open Source licencom programa VMware InstallBuilder za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilderja
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: licencji Open Source programuVMware InstallB
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programa VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2499233771.0000000005DE3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: il::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware Ins
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: om VMware InstallBuilder-amas
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urim i hapur i VMware InstallBuilder p
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2446127260.0000000003664000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: About VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371980455.000000000581F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: icon programa VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2502846412.0000000005FF6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: rderingsversion av VMware InstallBuilder des abschlie
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: pod licenciou Open Source programu VMware InstallBuilder pre %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\%2$sntuk %1$sVMware InstallBuilder unuk %1$s ?
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: e Aberta de VMware InstallBuilder para%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uLHWW com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilderackageNametrycription
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: gCrewyd gyda fersiwn gwerthuso VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder %1$s.Update.mirror.title=
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461592093.00000000047DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $com.vmware.installbuilder.installerPAf
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder-a za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: proc Kt_LQ {EOTnn mxtLu DlVtN jXCBl {runAsAdmin 0} {brGJd 0} {osxPlatforms {osx-intel osx-x86_64 osx-arm64 osx-ppc osx-10.2}} {uLHWW com.vmware.installbuilder.installer} {cYjJt 1} {version 3.0}} {
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Luotu VMware InstallBuilderin kokeiluversiolla
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n VMware InstallBuilder-in A
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: verzi VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wOprettet med en evalueringsversion af VMware InstallBuilderEnterKey=Stiskn
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Oprettet med en Open Source-licens for VMware InstallBuilder%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: testovacou verziou programu VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a de Fonte Aberta de VMware InstallBuilder para %1$s1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: om VMware InstallBuilder-a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: o do programaVMware InstallBuilderoni
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: i ober del VMware InstallBuilder per a %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avec une licence Open Source license de VMware InstallBuilder pour %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: in VMware InstallBuilder programmasyny
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2446127260.0000000003664000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMWAREOEM
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Crewyd gyda fersiwn gwerthuso VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Creat cu o versiune de evaluare VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: a VMware InstallBuilder pentru %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: valuation de VMware InstallBuilder%2$s --- Contruit sur %3$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sGemaakt met een evaluatieversie van VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreirano sa evaluacionom verzijom VMware InstallBuilder-a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1$snz von VMware InstllBuilder f
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Dibuat dengan versi evaluasi VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: /Restauration de %1$s...nse de VMware InstallBi
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eno v Open Source verzi VMware InstallBuilder pro %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilder pour%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: valuation de VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lt a VMware InstallBuilder Open Source licenc
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371980455.000000000581F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: $com.vmware.installbuilder.installer
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2499729911.0000000005E25000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::util::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: eDibuat dengan versi evaluasi VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ion av VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: des VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nga Burim i hapur i VMware InstallBuilder p
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: erto de VMware InstallB
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: avec une licence OpenSource license de VMware InstallBuilder pour %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Gemaakt met een Open Source-licentie van VMware InstallBuilder voor %1$sr.Parameter.KeyFile.explanation=Geef het sleutelbestand voor de installtie van ${product_fullname} aan
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Izveidots ar VMware InstallBuilder izm
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: qErstellt mit einer Testversion des VMware InstallBuilderp-Programms l
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder tresnak %1$s-(e)rako kode irekiko lizentziarekin irekitzen da
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilderintreg sistemul pot fi create numai de catre un administrtornten die u niet wilt verwijderen. Klik op Volgende als u klaar bent om door te gaan.
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder tresnaren ebaluazio-bertsioarekin sortu da
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Kreiran sa Open Source licencom od VMware InstallBuilder-a za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder error occurred when locating command '%1$s'
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$slation.GetWindowsAccountRights=Unable to get account rights for %1$sInstaller.Launch.Product=Launch ${project.fullName} now
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: n de VMware InstallBuilderctorio: no se ha definido el destino
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2510586587.00000000063EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: av VMware InsallBuilder f
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder%1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: del VMware InstallBuilder per a %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder %1$s.
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: verzi VMware InstallBuildern ble ikke modifisertere
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uIzveidots ar VMware InstallBuilder izm
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2499233771.0000000005DE3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::ACCxm::FnRqcil::Hgstt .tkshell {About VMware InstallBuilder} {}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2510586587.00000000063EB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ereen! VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2369447178.000000000451E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder HTTP Client
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: uVMware InstallBuilder synag go
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: nse de VMware InstallB
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2502846412.0000000005FF6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder Installer\a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuildertori: no s'ha definit la destinaci
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Izdelano z odprtokodno licenco VMware InstallBuilder za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder un
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2439090395.0000000000AE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallB
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kCreat cu o versiune de evaluare VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Source license de VMware InstallBuilder pour %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: urce license de VMware InstallBuilde
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2371746703.0000000006A9B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Only available for Windows installers; if enabled, it will use %LOCALAPPDATA%\VMware\Temporary for temporary files
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wersji demonstracyjnej programu VMware InstallBuilderxt=Sprawdzanie Aktualizacji
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: llicens av VMware InstallBuilder f
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: lt a VMware InstallBuilder pr
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: io af VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Created with an evaluation version of VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Erstellt mit einer Open Source Lizenz von VMware InstallBuilder f
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Dibuat dengan lisensi Sumber Terbuka VMware InstallBuilder untuk %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: de VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: in VMware InstallBuilder'in A
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: wCreated with an evaluation version of VMware InstallBuilder, a Configura
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2499729911.0000000005E25000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: maui::util::Hgstt . {About VMware InstallBuilder} {}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465764424.0000000004AA1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: defaultValue {VMware InstallBuilder}
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461186931.0000000004794000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: <string>VMware InstallBuilder</string>
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Loodud kasutades VMware InstallBuilderi prooviversiooni
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521565958.0000000006943000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder-in s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522085334.0000000006985000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware InstallBuilder synag go
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2369447178.000000000451E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "VMware InstallBuilder HTTP ClientU

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10027014 LoadLibraryA,GetProcAddress,

14_2_10027014

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1003F39C GetProcessHeap,HeapAlloc,

14_2_1003F39C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_51FF1F30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_51FF1F30
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_52003D30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_52003D30
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_63102740 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_63102740
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_63983070 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_63983070
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6608D5A0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6608D5A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66683CC0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_66683CC0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_66C09560 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_66C09560
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67CDDBA0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_67CDDBA0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_67E0EC60 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_67E0EC60
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6A19AFE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6A19AFE0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6C581DF0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6C581DF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_6CA020A0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_6CA020A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Code function: 14_2_710D08B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	14_2_710D08B0

Contains functionality to execute programs as a different user

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100094F1

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002D7EC InitializeSecurityDescriptor,SetSecurityDescriptorControl,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,SetSecurityDescriptorDacl,SetSecurityDescriptorSacl,

14_2_1002D7EC

Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute progman progman [format {[ShowGroup("%s",6)]} $tCByq]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::UCmrK::Bidth]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ::maui::metadataObject::ADdvoAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469443358.0000000004CE6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,,,,,"%s")]} $Dwy2A $LBLLO $name $n1aXo]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AN PROGMAN [format {[DeleteGroup("%s")]} $::maui::
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2487190765.00000000056D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469443358.0000000004CE6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,"%s",,,,"%s")]} $Dwy2A $LBLLO $name $WfzhF $n1aXo]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dde execute PROGMAN PROGMAN [format {[CreateGroup("%s")]} $tCByq]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: catch {dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $tCByq]}

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100068E3

Queries device information via Setup API

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10019AC8 SetupDiGetDeviceRegistryPropertyW,GetLastError,SetupDiGetDeviceRegistryPropertyW,

14_2_10019AC8

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Queries the product ID of Windows

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Queries volume information: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Queries volume information: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe	Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation	Jump to behavior

Queries time zone information

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias

Jump to behavior

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10021D70 CreateNamedPipeW,CreateEventA,CreateEventA,CreateEventA,wsprintfA,GetLastError,

14_2_10021D70

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10002030 GetSystemTimeAsFileTime,

14_2_10002030

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_1002DD6C LookupAccountNameW,GetLastError,LookupAccountNameW,GetLastError,lstrlenW,lstrlenW,memcpy,memcpy,

14_2_1002DD6C

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_100023F0 GetTimeZoneInformation,

14_2_100023F0

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

Code function: 14_2_10025FF4 GetVersionExW,

14_2_10025FF4

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe

14_2_100144FC

ID:	1558892
Product:	CloudBasic
Start time:	22:46:35
Start date:	19.11.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	D2E59EE980C15085BBE292082ABEC7E6	30154E439177235E768C6FC9C7E6D83E9320A80B	EB10D4D4B459F4BBAF611538ED8098C7FAD5A839495085F3363B3BF1050C4958
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD57B.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	C3C4F3FE90E3B3B02BEA0E8DA3447ED2	7AC0F54119D2273A2CD261F1FE6C5667E9C486DF	3524EC77985E390ACF9D07D81B1B44305165D711BBCA770F7458EA0A78751F82
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5DA.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	F62DD6CE51E19349EC1D1F2E88C4EF4D	60BD29538B4FECAF527BA8B7D92B7F32D2E72DDB	BE88244DA9FAAA6636A9D2F4C4249C08066A0B48359690B9B27A2B9ED47E093D
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5FA.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	119E67E0B0ADD3F09AABBDE47A599E17	991C049D2466C5242F67E664159CB025F49E5C70	439416FCEBCF073600AF44A2FB83428896DC8F69120EE4A76EE490A6428D6C94
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD60B.tmp	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	5FBC6BD806A8A6C460FACEEEA73BD7F7	4D1586A9631A72C3E1D75FB3C385DBD278804665	8033D1B3AF84D47D275E022608DA35BAAC16CF40D9607CA026A47B6CD65E6A97
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD63B.tmp	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	51C675FC1EF0A62322052D3E86567C06	E295D0B668105D81F9180EF1056D0528E4B2116A	AAA3D7E589E9BE1911EEE5974AFA68C64AF1BBD5E039FF6A82A15C2B54C0F9F0
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD64B.tmp	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows	6D2C718C3059CEAA7B90919E6725A09A	489967F8FE2B9021A891112754B840FE7DC71D13	2CA70BC6394EE1B299A8CF1FE28E95C7D68B765E1828DB1B651A7A62ACAE5356
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD7E3.tmp	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows	A56543B9CD3AA403311B49189D25851E	BD2609D35D4A967FE23EF4092B1DAA6F74A858AD	034756F772399552CD33605A189EE0E45D7947860E0D83EC12AA6DA1A5A42054
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9C8.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	9B299884420745D80C70BBA6B8A7F05A	195423185A7776E072A65FBABAE868C15F7B2F56	9426E96A97F41645FAB524385A852687792F99B505554B6B9809ED99451B2399
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9E8.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	54431791B0B31CCD0112486F542858A1	E628F2DC29D039D474F97FE67E562BD8798C6BA6	B382C74F532AB766C272ED11B107A3EF7C015CCA2E716243379058C084981332
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE3F.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	2C8F6A964CA7761122F7DA22042462F4	290E48BF0F83B3F3832F69BB1EA0637ED4D8CCCA	9D6F2629AA5978DD6B87FE9BCE77A5CF0135B8DA2980A050579EB4E23A92F8FA
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE4F.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	4640FD47F64BB72CB34DBAFEE65DBDDE	508C8713E06BA55588D41918C5A99308CB4B37A0	F02C4352EA80E1B476EB4754455AE684EFB4289D95EDF925E38BD3789F6EAD49
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE60.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	7190ECF05EC3B297D6DED3E204399E95	5C085CBBBCC8686266ACFB318E75A38794625E88	49E2C502923DE5F89958DE86F1CC6F91E7DDAFE46D0F81BFB51A669627650E6E
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE70.tmp	PE32+ executable (DLL) (console) x86-64, for MS Windows	053A60F34C75CA0A4A821B46EAE86D31	EBCF9F84A393969655969C248C2D572D7A05541C	683F19A461948F4CCA2FBECE26949B34D6347DFF279EFECE983B9F64A868422C
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	CBC64A7D588C6714C75946BD576CA264	C76A8D0790DE2ABB085244F3F24291F72B97E78B	3C4553FA12AFC3962AEE600686EC49942BC365353FFD7BAD10397B6FDEE6BF93
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	4B16F58B426B796446C8ED86BF7FCC1A	4C86F5076E59E4DDAE10D7DEE4E8D652AAFC6AF9	586E3748AE8537E7C0768AB085552C9C80D6297AFA3ACF9131BB1A99DE6F19ED
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F5471A4A62DBDFDE89BFCE88797DEB64	907C774BF086F7780177FA04BD0AA812B6FB50F0	3932E28A8AE2534E7875BCA8B474CE31802DA059AD920797C28C63F9EE2CB750
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	06C98129FF6EDEEDC06AF3C7DD53D14E	61028EF3E4EA22F0D10AEA418A22A25A4027A1D3	589445E669DA016344CB8BC5FAB37CD0FA06F5785AA6391B74A5A4208440A1D2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	313012E9F22C5ED98DCA3CFE3180EE01	1CD660BF5BFB2F6CBFC2CDA1C5B5120BAD1E4403	2C4288F67D3DCE453F02E29D78F9271CB332C0180AC7037D64DFA96FD35D6E8E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 20:47:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	3D5B5F1B964A6B57AFE8EC2003901867	11AAD51B3C8981FD5CF1F3577AB6A9B0A9012DEB	6C1021308FB0947AEECEE06DBA1E0145D33183611E5DC2754CD9503B55D08CA7
C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe (copy)	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows	E70C0EFCFC1E13E1833AC75EF7650259	3CE3FFC5E6F71C18206EDF83C0BE06844EE37888	E1D2B2C17F21E9CE89A2C00513E387EC619614F26B12634DB0EFBC6F3B51CF8C
C:\Users\user\Downloads\Unconfirmed 415754.crdownload	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows	E70C0EFCFC1E13E1833AC75EF7650259	3CE3FFC5E6F71C18206EDF83C0BE06844EE37888	E1D2B2C17F21E9CE89A2C00513E387EC619614F26B12634DB0EFBC6F3B51CF8C
C:\Users\user\Downloads\d3599b48-6882-4652-928c-7c3771e8e95b.tmp	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows	58A952A40EA3977F801E5D7FA76A32A7	9B8C2CB0FDFDC69EE2B9245B4E486620CC5FF7EC	5E6375965757D1BBEC4FEF2ACE7137DDB2280BE3BECCF4B0FE88D9C4358E0AFD

Windows Analysis Report
https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Windows Analysis Report https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Windows Analysis Report
https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe