Windows Analysis Report
https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe

Overview

General Information

Sample URL: https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe
Analysis ID: 1558892

Detection

Score: 19
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Binary contains a suspicious time stamp
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to enumerate device drivers
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to get notified if a device is plugged in / out
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read device registry values (via SetupAPI)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
PE file overlay found
Queries device information via Setup API
Queries information about the installed CPU (vendor, model number etc)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Queries time zone information
Stores files to the Windows start menu directory
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 3436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1000373D CryptAcquireContextW,14_2_1000373D
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10019770 CryptGenRandom,14_2_10019770
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_100037E8 CryptReleaseContext,14_2_100037E8
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe File created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.log
Source: Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2546629602.0000000010042000.00000002.00000001.01000000.00000008.sdmp, BRD57B.tmp.14.dr
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1001A9E0 memset,RegisterDeviceNotificationW,GetLastError,DestroyWindow,memset,memcmp,RegisterDeviceNotificationW,GetLastError,14_2_1001A9E0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe File opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe File opened: C:\Users\user\AppData\
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe File opened: C:\Users\user\
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe File opened: C:\Users\user\AppData\Local\Temp\
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456364654.00000000043E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blogs.msdn.com/b/oldnewthing/archive/2004/01/30/65013.aspx
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454456239.0000000004277000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blogs.msdn.com/oldnewthing/archive/2003/08/21/54675.aspx
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456721225.0000000004462000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457469920.00000000044AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456721225.0000000004462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154ds_disconnect_se
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2489513186.0000000005867000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.bitrock.com/feedback.php
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://download.bitrock.com/feedback.phpsions
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2360115787.000000000485B000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454125617.0000000004228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://support.micr
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2477574053.000000000515A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tcl.sf.net
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2489513186.0000000005867000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2451285155.0000000003F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timestamp.apple.com/ts01
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://timestamp.apple.com/ts01Stylepy.Text=
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2496434277.0000000005C52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tkcon.sourceforge.net/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2500277412.0000000005EAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wiki.tcl.tk/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2477574053.000000000515A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.activestate.com/tcl/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469983637.0000000004D31000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2486291002.0000000005650000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2462825150.00000000048A1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2533012351.0000000006F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cabrillo.edu/~dbrown/tracker/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2359857859.000000000430C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.wm.edu/~hallyn/des/weak
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2526999767.0000000006C67000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.freedesktop.org/standards/shared-mime-info
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454903992.00000000042CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457139415.000000000446C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/character-sets
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2449589557.0000000003913000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inria.fr/koala/colas/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2533012351.0000000006F36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensourcephysics.org/
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457139415.000000000446C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tdom.org
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2375511893.0000000005E69000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://update.bitrock.com/api/1_0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_1000A360 ArrangeIconicWindows,IsWindowEnabled,IsWindowUnicode,IsWindow,IsWindowVisible,IsZoomed,IsIconic,SetForegroundWindow,ShowCaret,HideCaret,UpdateWindow,DestroyWindow,CloseWindow,OpenIcon,GetParent,GetClassNameW,SetActiveWindow,SetFocus,GetDC,GetWindowRect,GetClientRect,OpenClipboard,RealGetWindowClassW,GetWindowInfo,GetWindowPlacement,GetWindowDC,SetLastError,GetWindowTextW,GetLastError,GetWindowThreadProcessId,SetWindowPos,InvalidateRect,SetWindowPlacement,IsChild,SetWindowTextW,FindWindowExW,GetWindowRgn,SetWindowRgn,OpenThemeData,ReleaseDC,14_2_1000A360
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_100068E3 SetConsoleOutputCP,SetConsoleCP,GetStdHandle,GetClipboardFormatNameW,GetClipboardData,IsClipboardFormatAvailable,Sleep,GetSystemMetrics,GetComputerNameExW,SetThreadExecutionState,GetThreadDesktop,GetKeyState,GetAsyncKeyState,ImpersonateSelf,UuidCreate,SetCaretBlinkTime,SetLastError,GlobalDeleteAtom,GetLastError,ProcessIdToSessionId,Sleep,MessageBeep,SetCursorPos,SetCaretPos,MapVirtualKeyA,Beep,GetLocaleInfoW,GenerateConsoleCtrlEvent,ExitWindowsEx,AttachThreadInput,OpenInputDesktop,OpenThread,OpenProcess,CreateRoundRectRgn,CreateEllipticRgn,Shell_NotifyIconW,GetModuleHandleExW,SetStdHandle,SetClipboardData,LHashValOfNameSys,GlobalAlloc,CreateConsoleScreenBuffer,14_2_100068E3
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_100094F1 LogonUserW,CreateDesktopW,GetProfileIntW,GetPrivateProfileIntW,NetLocalGroupAdd,NetGroupAdd,LookupPrivilegeValueW,LookupPrivilegeDisplayNameW,OpenSCManagerW,NetSessionDel,FindWindowW,SetVolumeMountPointW,DefineDosDeviceW,SetVolumeLabelW,MoveFileExW,RegisterEventSourceW,RemoveFontResourceExW,CreateScalableFontResourceW,OpenBackupEventLogW,OpenEventLogW,14_2_100094F1
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1002696C GetSystemInfo,NtQuerySystemInformation,14_2_1002696C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10025DCC NtQuerySystemInformation,LoadLibraryA,GetProcAddress,NtQuerySystemInformation,14_2_10025DCC
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10005079: DeviceIoControl,14_2_10005079
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10008674 DeleteService,14_2_10008674
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1002A4D0 CreateProcessW,CreateProcessAsUserW,14_2_1002A4D0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: String function: 67CB4730 appears 123 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: String function: 67CE3058 appears 51 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: String function: 6A182730 appears 143 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: String function: 1003B820 appears 31 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: String function: 10001BC8 appears 674 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: String function: 67CB5D20 appears 50 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: String function: 6A182690 appears 67 times
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: String function: 67CE2FA0 appears 36 times
Source: BRDE4F.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: BRD60B.tmp.14.dr Static PE information: Number of sections : 11 > 10
Source: BRD51C.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: BRD63B.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: Unconfirmed 415754.crdownload.0.dr Static PE information: Number of sections : 12 > 10
Source: BRDE60.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr Static PE information: Number of sections : 12 > 10
Source: BRD64B.tmp.14.dr Static PE information: Number of sections : 11 > 10
Source: BRD5DA.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: BRD9E8.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: BRD7E3.tmp.14.dr Static PE information: Number of sections : 11 > 10
Source: BRD9C8.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: BRD5FA.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: BRDE3F.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: BRDE70.tmp.14.dr Static PE information: Number of sections : 16 > 10
Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr Static PE information: No import functions for PE file found
Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.dr Static PE information: Data appended to the last section found
Source: classification engine Classification label: clean19.win@22/23@0/11
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1002E68C AdjustTokenPrivileges,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,AdjustTokenPrivileges,14_2_1002E68C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1001C0BC GetDiskFreeSpaceExW,14_2_1001C0BC
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: lstrcmpW,CreateServiceW,14_2_1003237C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10038C3C CoCreateInstance,14_2_10038C3C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1002BFB0 SizeofResource,LoadResource,LockResource,14_2_1002BFB0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1003213C lstrcmpW,ChangeServiceConfigW,14_2_1003213C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10032EB8 StartServiceCtrlDispatcherW,14_2_10032EB8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\Downloads\d3599b48-6882-4652-928c-7c3771e8e95b.tmp
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe File created: C:\Users\user\AppData\Local\Temp\BRL00001ffc
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: Tracker-6.2.0-windows-x64-installer.exe String found in binary or memory: -address
Source: Tracker-6.2.0-windows-x64-installer.exe String found in binary or memory: -startdoctypedeclcommand
Source: Tracker-6.2.0-windows-x64-installer.exe String found in binary or memory: -startcdatasectioncommand
Source: Tracker-6.2.0-windows-x64-installer.exe String found in binary or memory: -startnamespacedeclcommand
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe "C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5160 --field-trial-handle=1996,i,11750231315309060857,8759801983077189053,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe "C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe" Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: pdh.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeSection loaded: textshaping.dllJump to behavior
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Binary string: C:\src\twapi\twapi\base\build\AMD64\release\twapi64.pdb source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2546629602.0000000010042000.00000002.00000001.01000000.00000008.sdmp, BRD57B.tmp.14.dr
Source: BRD60B.tmp.14.drStatic PE information: 0xA418A410 [Thu Mar 29 07:58:08 2057 UTC]
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_10027014 LoadLibraryA,GetProcAddress,14_2_10027014
Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.drStatic PE information: real checksum: 0x2f7f82 should be: 0x9057
Source: d3599b48-6882-4652-928c-7c3771e8e95b.tmp.0.drStatic PE information: section name: .xdata
Source: Unconfirmed 415754.crdownload.0.drStatic PE information: section name: .xdata
Source: BRD51C.tmp.14.drStatic PE information: section name: .xdata
Source: BRD51C.tmp.14.drStatic PE information: section name: /4
Source: BRD51C.tmp.14.drStatic PE information: section name: /19
Source: BRD51C.tmp.14.drStatic PE information: section name: /31
Source: BRD51C.tmp.14.drStatic PE information: section name: /45
Source: BRD51C.tmp.14.drStatic PE information: section name: /57
Source: BRD5DA.tmp.14.drStatic PE information: section name: .xdata
Source: BRD5DA.tmp.14.drStatic PE information: section name: /4
Source: BRD5DA.tmp.14.drStatic PE information: section name: /19
Source: BRD5DA.tmp.14.drStatic PE information: section name: /31
Source: BRD5DA.tmp.14.drStatic PE information: section name: /45
Source: BRD5DA.tmp.14.drStatic PE information: section name: /57
Source: BRD5FA.tmp.14.drStatic PE information: section name: .xdata
Source: BRD5FA.tmp.14.drStatic PE information: section name: /4
Source: BRD5FA.tmp.14.drStatic PE information: section name: /19
Source: BRD5FA.tmp.14.drStatic PE information: section name: /31
Source: BRD5FA.tmp.14.drStatic PE information: section name: /45
Source: BRD5FA.tmp.14.drStatic PE information: section name: /57
Source: BRD60B.tmp.14.drStatic PE information: section name: .xdata
Source: BRD63B.tmp.14.drStatic PE information: section name: .xdata
Source: BRD63B.tmp.14.drStatic PE information: section name: /4
Source: BRD63B.tmp.14.drStatic PE information: section name: /19
Source: BRD63B.tmp.14.drStatic PE information: section name: /31
Source: BRD63B.tmp.14.drStatic PE information: section name: /45
Source: BRD63B.tmp.14.drStatic PE information: section name: /57
Source: BRD64B.tmp.14.drStatic PE information: section name: .xdata
Source: BRD7E3.tmp.14.drStatic PE information: section name: .xdata
Source: BRD9C8.tmp.14.drStatic PE information: section name: .xdata
Source: BRD9C8.tmp.14.drStatic PE information: section name: /4
Source: BRD9C8.tmp.14.drStatic PE information: section name: /19
Source: BRD9C8.tmp.14.drStatic PE information: section name: /31
Source: BRD9C8.tmp.14.drStatic PE information: section name: /45
Source: BRD9C8.tmp.14.drStatic PE information: section name: /57
Source: BRD9E8.tmp.14.drStatic PE information: section name: .xdata
Source: BRD9E8.tmp.14.drStatic PE information: section name: /4
Source: BRD9E8.tmp.14.drStatic PE information: section name: /19
Source: BRD9E8.tmp.14.drStatic PE information: section name: /31
Source: BRD9E8.tmp.14.drStatic PE information: section name: /45
Source: BRD9E8.tmp.14.drStatic PE information: section name: /57
Source: BRDE3F.tmp.14.drStatic PE information: section name: .xdata
Source: BRDE3F.tmp.14.drStatic PE information: section name: /4
Source: BRDE3F.tmp.14.drStatic PE information: section name: /19
Source: BRDE3F.tmp.14.drStatic PE information: section name: /31
Source: BRDE3F.tmp.14.drStatic PE information: section name: /45
Source: BRDE3F.tmp.14.drStatic PE information: section name: /57
Source: BRDE4F.tmp.14.drStatic PE information: section name: .xdata
Source: BRDE4F.tmp.14.drStatic PE information: section name: /4
Source: BRDE4F.tmp.14.drStatic PE information: section name: /19
Source: BRDE4F.tmp.14.drStatic PE information: section name: /31
Source: BRDE4F.tmp.14.drStatic PE information: section name: /45
Source: BRDE4F.tmp.14.drStatic PE information: section name: /57
Source: BRDE60.tmp.14.drStatic PE information: section name: .xdata
Source: BRDE60.tmp.14.drStatic PE information: section name: /4
Source: BRDE60.tmp.14.drStatic PE information: section name: /19
Source: BRDE60.tmp.14.drStatic PE information: section name: /31
Source: BRDE60.tmp.14.drStatic PE information: section name: /45
Source: BRDE60.tmp.14.drStatic PE information: section name: /57
Source: BRDE70.tmp.14.drStatic PE information: section name: .xdata
Source: BRDE70.tmp.14.drStatic PE information: section name: /4
Source: BRDE70.tmp.14.drStatic PE information: section name: /19
Source: BRDE70.tmp.14.drStatic PE information: section name: /31
Source: BRDE70.tmp.14.drStatic PE information: section name: /45
Source: BRDE70.tmp.14.drStatic PE information: section name: /57
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_6609164E push rbx; ret 14_2_6609164F
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_67CEAC4A push rsi; ret 14_2_67CEAC4D
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_67CEA962 push qword ptr [rdx]; ret 14_2_67CEA965
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_67CEA912 push qword ptr [rdx]; ret 14_2_67CEA915
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_6C58A97B push rdx; iretd 14_2_6C58A986
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_6C587B68 push rax; iretd 14_2_6C587B76
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_6C589267 push rsp; retf 14_2_6C589280
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_6C589FE1 push rbp; retf 14_2_6C589FE4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_6C5861E4 push 0000004Ch; iretd 14_2_6C5861E6
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmpJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Unconfirmed 415754.crdownloadJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD64B.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9E8.tmpJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\d3599b48-6882-4652-928c-7c3771e8e95b.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD60B.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5DA.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD63B.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE60.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9C8.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE4F.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD7E3.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5FA.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD57B.tmpJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe (copy)Jump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE3F.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE70.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile created: C:\Users\user\AppData\Local\Temp\installbuilder_installer.logJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_100325F8 StartServiceW,14_2_100325F8
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_1000A360 ArrangeIconicWindows,IsWindowEnabled,IsWindowUnicode,IsWindow,IsWindowVisible,IsZoomed,IsIconic,SetForegroundWindow,ShowCaret,HideCaret,UpdateWindow,DestroyWindow,CloseWindow,OpenIcon,GetParent,GetClassNameW,SetActiveWindow,SetFocus,GetDC,GetWindowRect,GetClientRect,OpenClipboard,RealGetWindowClassW,GetWindowInfo,GetWindowPlacement,GetWindowDC,SetLastError,GetWindowTextW,GetLastError,GetWindowThreadProcessId,SetWindowPos,InvalidateRect,SetWindowPlacement,IsChild,SetWindowTextW,FindWindowExW,GetWindowRgn,SetWindowRgn,OpenThemeData,ReleaseDC,14_2_1000A360
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_1000B408 OpenServiceW,FillConsoleOutputCharacterW,WriteConsoleW,GetServiceDisplayNameW,GetServiceKeyNameW,ClearEventLogW,BackupEventLogW,14_2_1000B408
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: EnumDeviceDrivers,14_2_10029BB8
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: EnumServicesStatusExW,GetLastError,14_2_100317C4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_10019AC8 SetupDiGetDeviceRegistryPropertyW,GetLastError,SetupDiGetDeviceRegistryPropertyW,14_2_10019AC8
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD64B.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9E8.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD60B.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5DA.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD63B.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE60.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9C8.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE4F.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD7E3.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5FA.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD57B.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE3F.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE70.tmpJump to dropped file
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeAPI coverage: 2.0 %
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_1002696C GetSystemInfo,NtQuerySystemInformation,14_2_1002696C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmpJump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile opened: C:\Users\user\AppData\Local\Temp\BRL00001ffc\Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile opened: C:\Users\user\AppData\Local\Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile opened: C:\Users\user\AppData\Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile opened: C:\Users\user\Jump to behavior
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeFile opened: C:\Users\user\AppData\Local\Temp\Jump to behavior
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a de Fonte Aberta de VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Loodud VMware InstallBuilderi avatud l
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$sllation.DeletingRegistryKeys=
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Erstellt mit einer Testversion des VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Oprettet med en evalueringsversion af VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a Open Source do VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sKreirano sa evaluacionom verzijom VMware InstallBuilder-a
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: e Aberta de VMware InstallBuilder para
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2478005999.000000000519C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lappend Btvxo /Library/Java/JavaVirtualMachines/*/Home/bin/java /Library/Java/JavaVirtualMachines/*/*/Home/bin/java
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: wersji demonstracyjnej programu VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Creat cu o licenta Open Source a VMware InstallBuilder pentru %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ? ponownie teraz? VMware InstallBuilder dla %1$s si
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: af VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2446127260.0000000003664000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *VMWAREOEM* -
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2459696924.0000000004680000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Created with an Open Source license of VMware InstallBuilder for %1$sdeleting service %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 4 osx-arm64 osx-ppc osx-10.2}uLHWW com.vmware.installbuilder.installercYjJt 1version 3.0
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: n de VMware InstallBuildereatingShortcut=Opretter genvej for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2488972247.00000000057DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: set uLHWW com.vmware.installbuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2521051201.0000000006900000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1$VMware InstallBuilder-a za %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517360342.0000000006728000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: av VMware Ins
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: digo abierto de VMware InstallBuilder para %1$srettelse af biblioteket %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a %2$s VMware InstallBuilder%$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519469272.0000000006830000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Opprettet med en Open Source lisens fra VMware InstallBuilder for %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2515781872.0000000006662000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: rderingsversion av VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2517881136.000000000676A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: digo abierto de VMware InstallBuilder para %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Creato con una versione di valutazione di VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516299034.00000000066A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Gemaakt met een evaluatieversie van VMware InstallBuilder
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2520520872.00000000068BD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware InstallBuilder.
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2498671716.0000000005DA1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if {[string match *BITROCKOEM* [$licenseInfo cget -organization]] || [string match *VMWAREOEM* [$licenseInfo cget -organization]]} {
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2519966435.0000000006872000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: nga %1su VMware InstallBuilder pre %1$s
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2516831356.00000000066E6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: oLoodud kasutades VMware InstallBuilderi prooviversiooni
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2461964067.0000000004818000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <string>VMware InstallBuilder, Copyright %s-%s VMware, Inc.</string>
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Process information queried: ProcessInformation
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10027014 LoadLibraryA,GetProcAddress,14_2_10027014
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1003F39C GetProcessHeap,HeapAlloc,14_2_1003F39C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_51FF1F30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_51FF1F30
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_52003D30 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_52003D30
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_63102740 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_63102740
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_63983070 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_63983070
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_6608D5A0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_6608D5A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_66683CC0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_66683CC0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_66C09560 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_66C09560
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_67CDDBA0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_67CDDBA0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_67E0EC60 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_67E0EC60
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_6A19AFE0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_6A19AFE0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_6C581DF0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_6C581DF0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_6CA020A0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_6CA020A0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_710D08B0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,14_2_710D08B0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_100094F1 LogonUserW,CreateDesktopW,GetProfileIntW,GetPrivateProfileIntW,NetLocalGroupAdd,NetGroupAdd,LookupPrivilegeValueW,LookupPrivilegeDisplayNameW,OpenSCManagerW,NetSessionDel,FindWindowW,SetVolumeMountPointW,DefineDosDeviceW,SetVolumeLabelW,MoveFileExW,RegisterEventSourceW,RemoveFontResourceExW,CreateScalableFontResourceW,OpenBackupEventLogW,OpenEventLogW,14_2_100094F1
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1002D7EC InitializeSecurityDescriptor,SetSecurityDescriptorControl,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,SetSecurityDescriptorDacl,SetSecurityDescriptorSacl,14_2_1002D7EC
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dde execute progman progman [format {[ShowGroup("%s",6)]} $tCByq]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::UCmrK::Bidth]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ::maui::metadataObject::ADdvoAN PROGMAN [format {[DeleteGroup("%s")]} $::maui::
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469443358.0000000004CE6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,,,,,"%s")]} $Dwy2A $LBLLO $name $n1aXo]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AN PROGMAN [format {[DeleteGroup("%s")]} $::maui::
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2487190765.00000000056D4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dde execute PROGMAN PROGMAN
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2469443358.0000000004CE6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dde execute PROGMAN PROGMAN [format {[AddItem ("%s" %s,%s,"%s",,,,"%s")]} $Dwy2A $LBLLO $name $WfzhF $n1aXo]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dde execute PROGMAN PROGMAN [format {[CreateGroup("%s")]} $tCByq]
Source: Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2465312466.0000000004A5F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: catch {dde execute PROGMAN PROGMAN [format {[DeleteGroup("%s")]} $tCByq]}
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: SetConsoleOutputCP,SetConsoleCP,GetStdHandle,GetClipboardFormatNameW,GetClipboardData,IsClipboardFormatAvailable,Sleep,GetSystemMetrics,GetComputerNameExW,SetThreadExecutionState,GetThreadDesktop,GetKeyState,GetAsyncKeyState,ImpersonateSelf,UuidCreate,SetCaretBlinkTime,SetLastError,GlobalDeleteAtom,GetLastError,ProcessIdToSessionId,Sleep,MessageBeep,SetCursorPos,SetCaretPos,MapVirtualKeyA,Beep,GetLocaleInfoW,GenerateConsoleCtrlEvent,ExitWindowsEx,AttachThreadInput,OpenInputDesktop,OpenThread,OpenProcess,CreateRoundRectRgn,CreateEllipticRgn,Shell_NotifyIconW,GetModuleHandleExW,SetStdHandle,SetClipboardData,LHashValOfNameSys,GlobalAlloc,CreateConsoleScreenBuffer,14_2_100068E3
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exeCode function: 14_2_10019AC8 SetupDiGetDeviceRegistryPropertyW,GetLastError,SetupDiGetDeviceRegistryPropertyW,14_2_10019AC8
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductId
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Queries volume information: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe VolumeInformation
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Queries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation Bias
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10021D70 CreateNamedPipeW,CreateEventA,CreateEventA,CreateEventA,wsprintfA,GetLastError,14_2_10021D70
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10002030 GetSystemTimeAsFileTime,14_2_10002030
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_1002DD6C LookupAccountNameW,GetLastError,LookupAccountNameW,GetLastError,lstrlenW,lstrlenW,memcpy,memcpy,14_2_1002DD6C
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_100023F0 GetTimeZoneInformation,14_2_100023F0
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_10025FF4 GetVersionExW,14_2_10025FF4
Source: C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe Code function: 14_2_100144FC OleRun,CLSIDFromString,VariantInit,GetRecordInfoFromTypeInfo,RegisterTypeLib,CLSIDFromString,VariantInit,VariantInit,CLSIDFromString,LoadRegTypeLib,UnRegisterTypeLib,QueryPathOfRegTypeLib,GetRecordInfoFromGuids,CreateBindCtx,CreateFileMoniker,LoadTypeLibEx,CLSIDFromString,CoCreateInstance,CLSIDFromProgID,ProgIDFromCLSID,GetActiveObject,CoGetObject,SysFreeString,SysFreeString,SysFreeString,14_2_100144FC
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses; Network Security Appliances; Gather Victim Org Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise; Compromise Software Dependencies and Development Tools; Compromise Software Supply Chain
Execution: Native API (1); Command and Scripting Interpreter (2); Service Execution (12); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell; AppleScript; Windows Command Shell
Persistence: DLL Side-Loading (1); Create Account (1); Valid Accounts (2); Windows Service (14); Registry Run Keys / Startup Folder (1); RC Scripts; Startup Items; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Privilege Escalation: DLL Side-Loading (1); Valid Accounts (2); Access Token Manipulation (21); Windows Service (14); Process Injection (3); Registry Run Keys / Startup Folder (1); Startup Items; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task
Defense Evasion: Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); Timestomp (1); DLL Side-Loading (1); Masquerading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (1); Access Token Manipulation (21); Process Injection (3); Indicator Removal (1); Stripped Payloads; Embedded Payloads
Credential Access: Input Capture (11); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing; Input Capture; Keylogging
Discovery: System Time Discovery (12); Peripheral Device Discovery (1); Account Discovery (1); System Service Discovery (1); File and Directory Discovery (1); System Information Discovery (65); Query Registry (1); Security Software Discovery (11); Virtualization/Sandbox Evasion (1); Process Discovery (2); Application Window Discovery (1); System Owner/User Discovery (1)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot; Software Deployment Tools; Taint Shared Content
Collection: Archive Collected Data (1); Input Capture (11); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging; Remote Data Staging; Screen Capture
Command and Control: Encrypted Channel (2); Junk Data; Steganography; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols; Mail Protocols; DNS
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol; Exfiltration Over Unencrypted Non-C2 Protocol; Exfiltration Over Physical Medium
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement; Firmware Corruption; Resource Hijacking
Source | Detection | Scanner | Label | Link
https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe | 0% | Avira URL Cloud | safe |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD51C.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD57B.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5DA.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD5FA.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD60B.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD63B.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD64B.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD7E3.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9C8.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRD9E8.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE3F.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE4F.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE60.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\BRL00001ffc\BRDE70.tmp | 0% | ReversingLabs | |
C:\Users\user\Downloads\Tracker-6.2.0-windows-x64-installer.exe (copy) | 0% | ReversingLabs | |
C:\Users\user\Downloads\Unconfirmed 415754.crdownload | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.opensourcephysics.org/ | 0% | Avira URL Cloud | safe |
http://tcl.sf.net | 0% | Avira URL Cloud | safe |
https://update.bitrock.com/api/1_0 | 0% | Avira URL Cloud | safe |
http://support.micr | 0% | Avira URL Cloud | safe |
http://wiki.tcl.tk/ | 0% | Avira URL Cloud | safe |
http://www.tdom.org | 0% | Avira URL Cloud | safe |
http://download.bitrock.com/feedback.phpsions | 0% | Avira URL Cloud | safe |
http://www.cabrillo.edu/~dbrown/tracker/ | 0% | Avira URL Cloud | safe |
http://www.inria.fr/koala/colas/ | 0% | Avira URL Cloud | safe |
http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063 | 0% | Avira URL Cloud | safe |
http://www.activestate.com/tcl/ | 0% | Avira URL Cloud | safe |
http://www.cs.wm.edu/~hallyn/des/weak | 0% | Avira URL Cloud | safe |
http://tkcon.sourceforge.net/ | 0% | Avira URL Cloud | safe |
http://download.bitrock.com/feedback.php | 0% | Avira URL Cloud | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://tcl.sf.net | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2477574053.000000000515A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://forum.java.sun.com/thread.jspa?threadID=426291&messageID=1997063 | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2360115787.000000000485B000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2358925391.0000000004681000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.iana.org/assignments/character-sets | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457139415.000000000446C000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154 | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456721225.0000000004462000.00000004.00000020.00020000.00000000.sdmp, Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457469920.00000000044AE000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://wiki.tcl.tk/ | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2500277412.0000000005EAC000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.inria.fr/koala/colas/ | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2449589557.0000000003913000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.freedesktop.org/standards/shared-mime-info | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2526999767.0000000006C67000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html#id3037154ds_disconnect_se | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456721225.0000000004462000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://support.micr | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454125617.0000000004228000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.tdom.org | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2457139415.000000000446C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://blogs.msdn.com/b/oldnewthing/archive/2004/01/30/65013.aspx | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2456364654.00000000043E8000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.opensourcephysics.org/ | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2533012351.0000000006F36000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://download.bitrock.com/feedback.phpsions | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2522807560.0000000006A0C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://update.bitrock.com/api/1_0 | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2375511893.0000000005E69000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.google.com | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454903992.00000000042CE000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.cabrillo.edu/~dbrown/tracker/ | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2533012351.0000000006F36000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://tkcon.sourceforge.net/ | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2496434277.0000000005C52000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.activestate.com/tcl/ | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2477574053.000000000515A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://blogs.msdn.com/oldnewthing/archive/2003/08/21/54675.aspx | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2454456239.0000000004277000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.cs.wm.edu/~hallyn/des/weak | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000003.2359857859.000000000430C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://download.bitrock.com/feedback.php | Tracker-6.2.0-windows-x64-installer.exe, 0000000E.00000002.2489513186.0000000005867000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
142.250.186.78 | unknown | United States | | 15169 | GOOGLEUS | false
165.227.222.255 | unknown | United States | | 14061 | DIGITALOCEAN-ASNUS | false
1.1.1.1 | unknown | Australia | | 13335 | CLOUDFLARENETUS | false
108.177.15.84 | unknown | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
216.58.212.142 | unknown | United States | | 15169 | GOOGLEUS | false
142.250.186.163 | unknown | United States | | 15169 | GOOGLEUS | false
172.217.18.4 | unknown | United States | | 15169 | GOOGLEUS | false
142.250.185.227 | unknown | United States | | 15169 | GOOGLEUS | false

IP
192.168.2.16
192.168.2.4
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1558892
Start date and time: 2024-11-19 22:46:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 1s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Sample URL: https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean19.win@22/23@0/11
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 82%
• Number of executed functions: 29
• Number of non-executed functions: 237
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Skipping network analysis since amount of network traffic is too extensive
• VT rate limit hit for: https://physlets.org/tracker/installers/download.php?file=Tracker-6.2.0-windows-x64-installer.exe
No simulations