Windows Analysis Report
LexusXA Installer.msi

Overview

General Information

Sample name: LexusXA Installer.msi
Analysis ID: 1565536
MD5: 4a4cda00a1e1a32986cc1130d7db54ca
SHA1: 57bd34c1c3372dd72d5c7ddcaa5bfb1dc387f4e2
SHA256: 5d2ab1efe433963996b35b16231631e7a69a8f7c951b25009626111fbc23d560
Tags: msi, Stealer, user-kafan_shengui

Detection

Score: 32
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Creates an undocumented autostart registry key
Tries to harvest and steal browser information (history, passwords, etc)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
File is packed with WinRar
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe ReversingLabs: Detection: 33%
Source: C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmp ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy) ReversingLabs: Detection: 37%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe ReversingLabs: Detection: 36%
Source: LexusXA Installer.msi ReversingLabs: Detection: 18%
Source: LexusXA Installer.msi Virustotal: Detection: 11%
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3ED9554-CBB3-415C-8158-443CAC428D41}_is1
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E3A2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 11_2_00E3A2DF
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4AFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, 11_2_00E4AFB9
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8985A0 FindFirstFileExW,FindClose, 12_2_00007FF70E8985A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 12_2_00007FF70E8979B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 12_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8985A0 FindFirstFileExW,FindClose, 13_2_00007FF70E8985A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 13_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 13_2_00007FF70E8979B0
Source: Joe Sandbox View IP Address: 162.159.137.232 162.159.137.232
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: discord.com
Source: version-checker-won-x64.exe, 0000000D.00000002.2051813692.000001690F890000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
Source: version-checker-won-x64.exe, 0000000D.00000003.2021504685.000001690E1BE000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023290334.000001690E1E5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022534829.000001690E1DD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://aka.ms/vcpython27
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6C2000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: version-checker-won-x64.exe, 0000000D.00000003.1987507341.000001690E2D4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029598317.000001690E190000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036801140.000001690E190000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027178460.000001690E18D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2038514501.000001690E2E9000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030095591.000001690E2E8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E2DE000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027049516.000001690E180000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021504685.000001690E17F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E2D3000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E2D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027345442.000001690E4A0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E2D3000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000D.00000003.1987884739.000001690E17B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033861124.000001690E190000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049304612.000001690E45D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037546902.000001690E45D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E45C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: version-checker-won-x64.exe, 0000000D.00000003.2027073040.000001690E23E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037283848.000001690E24C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2045256351.000001690EF17000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048893394.000001690E24F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E23C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028404435.000001690E248000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041466247.000001690D8D5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2040691817.000001690D8D5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028813355.000001690EF7F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046833587.000001690D8D5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: version-checker-won-x64.exe, 0000000D.00000003.2031789546.000001690E393000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049146091.000001690E393000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037055858.000001690E393000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E379000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2045191524.000001690E393000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E392000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E379000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030694032.000001690E3BE000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E392000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028167764.000001690E3B7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036002859.000001690E3E8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029515240.000001690E3B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl6e
Source: version-checker-won-x64.exe, 0000000D.00000003.2027073040.000001690E23E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037283848.000001690E24C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2045256351.000001690EF17000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048893394.000001690E24F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E23C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028404435.000001690E248000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: version-checker-won-x64.exe, 0000000D.00000002.2050355046.000001690EF15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: version-checker-won-x64.exe, 0000000D.00000003.2026137420.000001690EF83000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032229947.000001690EF8E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028813355.000001690EF8C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2050355046.000001690EF15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: version-checker-won-x64.exe, 0000000D.00000003.2037354552.000001690EC3F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037848729.000001690EC40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: version-checker-won-x64.exe, 0000000D.00000002.2050355046.000001690EF15000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028813355.000001690EF7F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6C2000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG
Source: _decimal.pyd.12.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025375069.000001690EC9A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029275019.000001690EC9B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033144108.000001690F043000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027842459.000001690EC9B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030725841.000001690EC9F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032640715.000001690ECA8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029251556.000001690F06B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029203698.000001690E372000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: version-checker-won-x64.exe, 0000000C.00000003.1958401502.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958151722.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959688424.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969909352.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968185471.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1969031522.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, 
version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1967138394.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1971923003.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1959518856.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: version-checker-won-x64.exe, 0000000D.00000003.2023063517.000001690E146000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2050355046.000001690EF96000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026137420.000001690EF83000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025471162.000001690E167000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037919149.000001690E170000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048554223.000001690E170000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027140422.000001690EF93000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EF74000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036214271.000001690E16F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2043071996.000001690EF96000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032229947.000001690EF96000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037235460.000001690E170000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023667297.000001690E14E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: version-checker-won-x64.exe, 0000000D.00000003.2023063517.000001690E146000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030319144.000001690E163000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027002297.000001690E152000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023667297.000001690E14E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048531223.000001690E164000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: version-checker-won-x64.exe, 0000000D.00000003.2044901972.000001690EF0B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2041722394.000001690EF04000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020220145.000001690EF04000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps
Source: version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036754456.000001690E4AC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027345442.000001690E4A0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2035895903.000001690E4AC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2035264922.000001690F071000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029251556.000001690F06B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2039483056.000001690F071000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030095591.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2034945338.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036167838.000001690E36C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049095617.000001690E36D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: version-checker-won-x64.exe, 0000000D.00000003.2027515139.000001690ECE4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025757473.000001690ECE4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2043873163.000001690ECE4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2034665540.000001690ECE4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://wwwsearch.sf.net/):
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023786730.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033213915.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021915884.000001690E4CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026408768.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://yahoo.com/
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049413398.000001690E4F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://bugs.python.org/issue44497.
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://cloud.google.com/appengine/docs/standard/runtimes
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io/en/latest/installation/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cryptography.io/en/latest/security/
Source: version-checker-won-x64.exe, 0000000D.00000002.2052188486.000001690F988000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051364495.000001690F430000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://discord.com/api/webhooks/1300091596917706774/6W6k6jJTJpU-G3EqaMlutiYbjLX_dzALpTX2CQKxP71IpXm
Source: version-checker-won-x64.exe, 0000000D.00000003.2021297220.000001690DDA4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023518940.000001690DDA8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987569440.000001690DDA8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029300103.000001690DDB2000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025856384.000001690DDAF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028261612.000001690DDB0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: version-checker-won-x64.exe, 0000000D.00000003.1977287808.000001690D983000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1977187086.000001690D96E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046569910.000001690D770000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: version-checker-won-x64.exe, 0000000D.00000003.2037919149.000001690E168000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023063517.000001690E146000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025471162.000001690E167000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023667297.000001690E14E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: version-checker-won-x64.exe, 0000000D.00000002.2051813692.000001690F890000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/3/library/socket.html#socket.socket.connect_ex
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: version-checker-won-x64.exe, 0000000D.00000003.2020473939.000001690ED47000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030397875.000001690ED5A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2031279656.000001690ED8C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: version-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: version-checker-won-x64.exe, version-checker-won-x64.exe, 0000000D.00000002.2059319622.00007FFE0071F000.00000002.00000001.01000000.00000036.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2059169501.00007FFE002B2000.00000002.00000001.01000000.00000037.sdmp String found in binary or memory: https://github.com/mhammond/pywin32
Source: version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/platformdirs/platformdirs
Source: version-checker-won-x64.exe, 0000000D.00000002.2052188486.000001690F930000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/psf/requests/pull/6710
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography/issues
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/packaging
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/packaging0
Source: version-checker-won-x64.exe, 0000000D.00000002.2048235604.000001690DFF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: version-checker-won-x64.exe, 0000000D.00000002.2048059883.000001690DDF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: version-checker-won-x64.exe, 0000000D.00000002.2048148396.000001690DEF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: version-checker-won-x64.exe, 0000000D.00000002.2048148396.000001690DEF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml0;
Source: version-checker-won-x64.exe, 0000000D.00000002.2046569910.000001690D6F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: version-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: version-checker-won-x64.exe, 0000000D.00000003.2022565045.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985376616.000001690D95A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985518241.000001690DDA9000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD1A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987955573.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024027218.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027909987.000001690DD1D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1984963797.000001690DDA9000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1985583021.000001690DCDD000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025877925.000001690DD0F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024107128.000001690DD03000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/importlib_metadata/issues/396
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/python/importlib_metadata/issues/396P_i
Source: version-checker-won-x64.exe, 0000000D.00000003.2045741230.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025592618.000001690D8CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046858808.000001690D8D8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028356036.000001690D8D7000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027929319.000001690D8D4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/urllib3/urllib3/issues/497
Source: version-checker-won-x64.exe, 0000000D.00000003.2023786730.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033213915.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2042621168.000001690E4C0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021915884.000001690E4CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033747209.000001690E4B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036754456.000001690E4C0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027345442.000001690E4A0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026408768.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/
Source: version-checker-won-x64.exe, 0000000D.00000002.2051813692.000001690F830000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032523874.000001690E111000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC12000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037330027.000001690DC38000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2035895903.000001690E4AC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2034548919.000001690E114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/get
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://httpbin.org/post
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: version-checker-won-x64.exe, 0000000D.00000002.2048235604.000001690DFF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: LexusXA-installer-win_x64.exe, 00000004.00000000.1793276311.0000000000CE1000.00000020.00000001.01000000.00000003.sdmp String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E2D3000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028237579.000001690E11F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029515240.000001690E3B8000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049228466.000001690E3D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://json.org
Source: version-checker-won-x64.exe, 0000000D.00000003.2036335523.000001690E22D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026492074.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987569440.000001690DD1F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987955573.000001690DC48000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024597365.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027703168.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028567467.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037004188.000001690E237000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030446149.000001690E22D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987702733.000001690E23A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mahler:8092/site-updates.py
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030095591.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2034945338.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036167838.000001690E36C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/0
Source: version-checker-won-x64.exe, 0000000D.00000003.2030880232.000001690E120000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028237579.000001690E11F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049413398.000001690E4F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: version-checker-won-x64.exe, 0000000D.00000002.2048148396.000001690DEF0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://peps.python.org/pep-0205/
Source: version-checker-won-x64.exe, 0000000D.00000002.2056908268.00007FFDFA3B1000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://peps.python.org/pep-0263/
Source: version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://peps.python.org/pep-0685/
Source: version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/build/).
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/cryptography/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964303861.00000144AA6B8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: version-checker-won-x64.exe, 0000000D.00000002.2049500330.000001690E5F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049591335.000001690E6F0000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051813692.000001690F8F4000.00000004.00001000.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://requests.readthedocs.io
Source: version-checker-won-x64.exe, 0000000D.00000002.2049766731.000001690E8F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: version-checker-won-x64.exe, 0000000D.00000003.2035708302.000001690ECB1000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025375069.000001690EC9A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2043873163.000001690ECB1000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2025502210.000001690ECB0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: version-checker-won-x64.exe, 0000000D.00000002.2051466610.000001690F530000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages0
Source: version-checker-won-x64.exe, 0000000D.00000003.2030568589.000001690E43A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023836398.000001690E435000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033552250.000001690E44A000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024182006.000001690E438000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E41D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2031990055.000001690F04C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2051128788.000001690F05E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033144108.000001690F05E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029203698.000001690E372000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F042000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026758927.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024951317.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E339000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029251556.000001690F06B000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2029203698.000001690E372000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: version-checker-won-x64.exe, 0000000D.00000003.2030880232.000001690E120000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037184702.000001690E126000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028237579.000001690E11F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: version-checker-won-x64.exe, 0000000D.00000003.2023786730.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027751530.000001690E4AA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033213915.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2042621168.000001690E4C0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021915884.000001690E4CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033747209.000001690E4B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024208209.000001690E49E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036754456.000001690E4C0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027345442.000001690E4A0000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026408768.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://twitter.com/
Source: version-checker-won-x64.exe, 0000000D.00000002.2049413398.000001690E4F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://upload.pypi.org/legacy/
Source: version-checker-won-x64.exe, 0000000D.00000002.2049413398.000001690E4F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://upload.pypi.org/legacy/arSFX0
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxy
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#https-proxy-error-http-proxyx
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warnings
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsP
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/1.26.x/advanced-usage.html#ssl-warningsx
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/stable/v2-migration-guide.html
Source: version-checker-won-x64.exe, 0000000D.00000002.2051567757.000001690F630000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://urllib3.readthedocs.io/en/stable/v2-migration-guide.htmlW
Source: version-checker-won-x64.exe, 0000000D.00000003.2023786730.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2033213915.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E47D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021915884.000001690E4CA000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026408768.000001690E4CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/html/sec-forms.html#multipart-form-data
Source: version-checker-won-x64.exe, 0000000D.00000003.2028167764.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2036843536.000001690E422000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021130046.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030348269.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2023097190.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028619662.000001690E41D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2049304612.000001690E45D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037546902.000001690E45D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022657579.000001690E45C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: version-checker-won-x64.exe, 0000000C.00000003.1964016117.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/
Source: version-checker-won-x64.exe, 0000000C.00000003.1964016117.00000144AA6C3000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1964138099.00000144AA6C3000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000C.00000003.1964016117.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: version-checker-won-x64.exe, 0000000D.00000002.2048348576.000001690E114000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2032523874.000001690E111000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2034548919.000001690E114000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: LexusXA-installer-win_x64.exe, 00000004.00000003.1796357625.000000007EF7B000.00000004.00001000.00020000.00000000.sdmp, LexusXA-installer-win_x64.exe, 00000004.00000003.1795958868.00000000034E0000.00000004.00001000.00020000.00000000.sdmp, LexusXA-installer-win_x64.tmp, 00000005.00000000.1797767219.0000000000741000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.innosetup.com/
Source: version-checker-won-x64.exe, 0000000C.00000003.1968334997.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2056521097.00007FFDF9FAA000.00000002.00000001.01000000.0000001C.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2059940453.00007FFE0138F000.00000002.00000001.01000000.0000001E.sdmp String found in binary or memory: https://www.openssl.org/H
Source: version-checker-won-x64.exe, 0000000D.00000003.2043769110.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037745717.000001690DD26000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027372770.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028853088.000001690DD25000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021332069.000001690DC9D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2021826416.000001690DD23000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org
Source: version-checker-won-x64.exe, 0000000D.00000003.2036335523.000001690E22D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026492074.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987569440.000001690DD1F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987955573.000001690DC48000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024597365.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2027703168.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028567467.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037004188.000001690E237000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2030446149.000001690E22D000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.1987702733.000001690E23A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/
Source: version-checker-won-x64.exe, 0000000D.00000002.2057652727.00007FFDFA528000.00000008.00000001.01000000.0000000F.sdmp String found in binary or memory: https://www.python.org/psf/license/
Source: version-checker-won-x64.exe, 0000000D.00000002.2056908268.00007FFDFA3B1000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: https://www.python.org/psf/license/)
Source: LexusXA-installer-win_x64.exe, 00000004.00000003.1796357625.000000007EF7B000.00000004.00001000.00020000.00000000.sdmp, LexusXA-installer-win_x64.exe, 00000004.00000003.1795958868.00000000034E0000.00000004.00001000.00020000.00000000.sdmp, LexusXA-installer-win_x64.tmp, 00000005.00000000.1797767219.0000000000741000.00000020.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.remobjects.com/ps
Source: version-checker-won-x64.exe, 0000000D.00000003.2026080839.000001690EFDF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026014257.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: version-checker-won-x64.exe, 0000000D.00000003.2027073040.000001690E23E000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2022285791.000001690E22C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2037283848.000001690E24C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2048893394.000001690E24F000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2024376750.000001690E23C000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028404435.000001690E248000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: version-checker-won-x64.exe, 0000000D.00000003.2026080839.000001690EFDF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2026014257.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2020087014.000001690EFC4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wwww.certigna.fr/autorites/P
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E36FC6: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW, 11_2_00E36FC6
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6b4cdf.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4F9E.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI501C.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI504C.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{C54536A2-F634-404D-88DE-77163336AD19} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5128.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{C54536A2-F634-404D-88DE-77163336AD19} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{C54536A2-F634-404D-88DE-77163336AD19}\red.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6b4ce1.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI4F9E.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8A91B0 13_2_00007FF70E8A91B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8AD200 13_2_00007FF70E8AD200
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8B518C 13_2_00007FF70E8B518C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8A7AAC 13_2_00007FF70E8A7AAC
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8B8A38 13_2_00007FF70E8B8A38
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8A0A60 13_2_00007FF70E8A0A60
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8A1280 13_2_00007FF70E8A1280
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA989260 13_2_00007FFDFA989260
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA992210 13_2_00007FFDFA992210
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA28A80 13_2_00007FFDFAA28A80
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9C6C10 13_2_00007FFDFA9C6C10
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA973BF0 13_2_00007FFDFA973BF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA98CBF0 13_2_00007FFDFA98CBF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9D4BF0 13_2_00007FFDFA9D4BF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA979B80 13_2_00007FFDFA979B80
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9DBBD0 13_2_00007FFDFA9DBBD0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9DC910 13_2_00007FFDFA9DC910
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9868E0 13_2_00007FFDFA9868E0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9B5890 13_2_00007FFDFA9B5890
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9E7860 13_2_00007FFDFA9E7860
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA97286E 13_2_00007FFDFA97286E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9E28B6 13_2_00007FFDFA9E28B6
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA2A9F0 13_2_00007FFDFAA2A9F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA21A40 13_2_00007FFDFAA21A40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9D2A20 13_2_00007FFDFA9D2A20
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA999980 13_2_00007FFDFA999980
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA97F9A0 13_2_00007FFDFA97F9A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9B4E80 13_2_00007FFDFA9B4E80
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA998000 13_2_00007FFDFA998000
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA0CFF0 13_2_00007FFDFAA0CFF0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA997020 13_2_00007FFDFA997020
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9ED030 13_2_00007FFDFA9ED030
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9CCD00 13_2_00007FFDFA9CCD00
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9ACC79 13_2_00007FFDFA9ACC79
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA97BCC0 13_2_00007FFDFA97BCC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA1FCA0 13_2_00007FFDFAA1FCA0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9BBCB0 13_2_00007FFDFA9BBCB0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA989CB0 13_2_00007FFDFA989CB0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9CBD80 13_2_00007FFDFA9CBD80
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA99DD90 13_2_00007FFDFA99DD90
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA02D90 13_2_00007FFDFAA02D90
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9F4D90 13_2_00007FFDFA9F4D90
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA980D70 13_2_00007FFDFA980D70
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA08DD0 13_2_00007FFDFAA08DD0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9FADD0 13_2_00007FFDFA9FADD0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9C0DB0 13_2_00007FFDFA9C0DB0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA977316 13_2_00007FFDFA977316
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA99F2E0 13_2_00007FFDFA99F2E0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA99D2F0 13_2_00007FFDFA99D2F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA98C330 13_2_00007FFDFA98C330
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA28260 13_2_00007FFDFAA28260
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9732D5 13_2_00007FFDFA9732D5
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA34440 13_2_00007FFDFAA34440
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA16430 13_2_00007FFDFAA16430
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9D7420 13_2_00007FFDFA9D7420
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9FA430 13_2_00007FFDFA9FA430
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA1B3C0 13_2_00007FFDFAA1B3C0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA974100 13_2_00007FFDFA974100
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9FC0F0 13_2_00007FFDFA9FC0F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA171F0 13_2_00007FFDFAA171F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA98D250 13_2_00007FFDFA98D250
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9FE220 13_2_00007FFDFA9FE220
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA25180 13_2_00007FFDFAA25180
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA982190 13_2_00007FFDFA982190
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA1E170 13_2_00007FFDFAA1E170
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9CE740 13_2_00007FFDFA9CE740
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9CB670 13_2_00007FFDFA9CB670
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA974800 13_2_00007FFDFA974800
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA29850 13_2_00007FFDFAA29850
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA97A850 13_2_00007FFDFA97A850
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9D0790 13_2_00007FFDFA9D0790
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9F87D0 13_2_00007FFDFA9F87D0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9BA540 13_2_00007FFDFA9BA540
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA974550 13_2_00007FFDFA974550
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9E4480 13_2_00007FFDFA9E4480
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA27470 13_2_00007FFDFAA27470
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9794C0 13_2_00007FFDFA9794C0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA1A4A0 13_2_00007FFDFAA1A4A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA983600 13_2_00007FFDFA983600
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA175F0 13_2_00007FFDFAA175F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAA15630 13_2_00007FFDFAA15630
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA994560 13_2_00007FFDFA994560
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA9A15A0 13_2_00007FFDFA9A15A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFA99E5A0 13_2_00007FFDFA99E5A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFF171880 13_2_00007FFDFF171880
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFF1712F0 13_2_00007FFDFF1712F0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE01792110 13_2_00007FFE01792110
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE01791D40 13_2_00007FFE01791D40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE02A121C0 13_2_00007FFE02A121C0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE02A11F10 13_2_00007FFE02A11F10
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0B2C1FA0 13_2_00007FFE0B2C1FA0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0A2050 13_2_00007FFE0C0A2050
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0A1F40 13_2_00007FFE0C0A1F40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0B22D0 13_2_00007FFE0C0B22D0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0B1D40 13_2_00007FFE0C0B1D40
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0C2160 13_2_00007FFE0C0C2160
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF82070 13_2_00007FFE0CF82070
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF97CB8 13_2_00007FFE0CF97CB8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: String function: 00E4E2F0 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: String function: 00E4D870 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: String function: 00E4D940 appears 51 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FF70E892760 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FF70E8925F0 appears 100 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FFDFA97A490 appears 178 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FFDFA979330 appears 136 times
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: String function: 00007FFDFA9A1E20 appears 33 times
Source: LexusXA-installer-win_x64.tmp.4.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-KAK7L.tmp.5.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-LOG4N.tmp.5.dr Static PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, Windows 2000/XP setup, 18065000 bytes, 1 file, at 0x2c +A "version-checker-win-x64.exe", ID 2562, number 1, 556 datablocks, 0x1503 compression
Source: _overlapped.pyd.12.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.12.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: LexusXA-installer-win_x64.tmp.4.dr Static PE information: Number of sections : 11 > 10
Source: is-KAK7L.tmp.5.dr Static PE information: Number of sections : 11 > 10
Source: LexusXA-installer-win_x64.exe.1.dr Static PE information: Number of sections : 11 > 10
Source: api-ms-win-core-file-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: python3.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.12.dr Static PE information: No import functions for PE file found
Source: LexusXA Installer.msi Binary or memory string: OriginalFilenameAICustAct.dllF vs LexusXA Installer.msi
Source: classification engine Classification label: sus32.spyw.winMSI@17/165@1/1
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E36D06 GetLastError,FormatMessageW, 11_2_00E36D06
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4963A FindResourceW,DeleteObject,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree, 11_2_00E4963A
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\LexusORG Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2254.tmp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Command line argument: ps 11_2_00E4CBB8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Command line argument: sfxname 11_2_00E4CBB8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Command line argument: sfxstime 11_2_00E4CBB8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Command line argument: STARTDLG 11_2_00E4CBB8
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Windows\System32\msiexec.exe File read: C:\Windows\win.ini Jump to behavior
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization Jump to behavior
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: version-checker-won-x64.exe, version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: version-checker-won-x64.exe, 0000000D.00000003.2023437480.000001690F0A6000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2028000665.000001690F087000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: LexusXA Installer.msi ReversingLabs: Detection: 18%
Source: LexusXA Installer.msi Virustotal: Detection: 11%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\LexusXA Installer.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 80745C949CFC24E358273D649EA9B511 C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D0A27BFD503CBB4ECD262F85E025A5D0
Source: unknown Process created: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe "C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe"
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Process created: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp "C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp" /SL5="$2044C,19187169,794112,C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe"
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Process created: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe "C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe"
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Process created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe"
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe"
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: riched20.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: usp10.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msls31.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windowmanagementapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: inputhost.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.ui.immersive.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: shfolder.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: explorerframe.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Section loaded: feclient.dll
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: dxgidebug.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: riched20.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: usp10.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: msls31.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: pcacli.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: libffi-8.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: libssl-3.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: sqlite3.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: pywintypes312.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: Lexus.lnk.5.dr LNK file: ..\..\..\..\..\Local\Programs\Lexus\version-iexpress-x64.exe
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Window found: window name: TMainForm
Source: C:\Windows\System32\msiexec.exe Automated click: Next >
Source: C:\Windows\System32\msiexec.exe Automated click: Next >
Source: C:\Windows\System32\msiexec.exe Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Automated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Automated click: Next
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3ED9554-CBB3-415C-8158-443CAC428D41}_is1 Jump to behavior
Source: LexusXA Installer.msi Static file information: File size 21343744 > 1048576
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962475488.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962750449.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wextract.pdb source: version-iexpress-x64.exe, 0000000A.00000000.1915420288.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp, version-iexpress-x64.exe, 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960330766.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2060138074.00007FFE01455000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960887245.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.12.dr
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960080081.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961783900.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962302905.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962835732.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9E69000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: version-checker-won-x64.exe, 0000000C.00000003.1957144635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2066115279.00007FFE13313000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb** source: version-checker-won-x64.exe, 0000000D.00000002.2058999517.00007FFE002A1000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb!! source: version-checker-won-x64.exe, 0000000D.00000002.2059256900.00007FFE00712000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959047757.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960564952.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957339046.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065487704.00007FFE12E15000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961955049.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961618337.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962228941.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2065890283.00007FFE13211000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1958719632.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064719044.00007FFE11BC7000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960154808.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.12.dr
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961127995.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959913414.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960242326.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957466313.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2062840065.00007FFE101D8000.00000002.00000001.01000000.0000001F.sdmp
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962142068.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.12.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062308333.00007FFE0CFD2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063199368.00007FFE1025C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957714044.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063435354.00007FFE1030E000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961375118.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdbUGP source: version-checker-won-x64.exe, 0000000D.00000002.2060138074.00007FFE01455000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959381736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064850176.00007FFE11BE9000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: LexusXA Installer.msi, MSI2254.tmp.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: version-checker-won-x64.exe, 0000000C.00000003.1957339046.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065487704.00007FFE12E15000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1963013495.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: version-checker-win-x64.exe, 0000000B.00000000.1929652033.0000000000E62000.00000002.00000001.01000000.00000009.sdmp, version-checker-win-x64.exe, 0000000B.00000002.2069719107.0000000000E62000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2056908268.00007FFDFA3B1000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960491736.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1973523609.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2058593248.00007FFDFF27F000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: wextract.pdbGCTL source: version-iexpress-x64.exe, 0000000A.00000000.1915420288.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp, version-iexpress-x64.exe, 0000000A.00000002.2071306434.00007FF7CC9C9000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32evtlog.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1975204597.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9F01000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: version-checker-won-x64.exe, 0000000D.00000002.2059871614.00007FFE01354000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961701595.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.12.dr
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961050706.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\win32crypt.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2059256900.00007FFE00712000.00000002.00000001.01000000.00000036.sdmp
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960001370.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959150635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2064540196.00007FFE11BB6000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962046130.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1957144635.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2066115279.00007FFE13313000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2058435733.00007FFDFAAA5000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962565963.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960806630.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-312\Release\pywintypes.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2058999517.00007FFE002A1000.00000002.00000001.01000000.00000037.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2056183537.00007FFDF9F01000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961297642.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1971640496.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065222536.00007FFE120C3000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960967982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1963099086.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961457620.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961870123.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1961531762.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.12.dr
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960418255.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: version-checker-won-x64.exe, 0000000C.00000003.1958900969.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2063199368.00007FFE1025C000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962663001.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960728484.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.12.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959261581.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065006495.00007FFE11EA3000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065673710.00007FFE130C4000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1960649401.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: version-checker-won-x64.exe, 0000000C.00000003.1959824073.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2065673710.00007FFE130C4000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062139112.00007FFE0CF9F000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1969190982.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000002.2046036710.000001690BE30000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2059871614.00007FFE01354000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962391189.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: version-checker-won-x64.exe, 0000000C.00000003.1962927182.00000144AA6B5000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: version-checker-won-x64.exe, 0000000D.00000002.2062469688.00007FFE0E16D000.00000002.00000001.01000000.0000001D.sdmp
Source: is-LOG4N.tmp.5.dr Static PE information: 0xAE1BC4F8 [Tue Jul 25 12:18:00 2062 UTC]
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_7048734 Jump to behavior
Source: MSI2254.tmp.0.dr Static PE information: section name: .fptable
Source: MSI22D2.tmp.0.dr Static PE information: section name: .fptable
Source: MSI2312.tmp.0.dr Static PE information: section name: .fptable
Source: MSI2332.tmp.0.dr Static PE information: section name: .fptable
Source: MSI2362.tmp.0.dr Static PE information: section name: .fptable
Source: MSI242E.tmp.0.dr Static PE information: section name: .fptable
Source: MSI245E.tmp.0.dr Static PE information: section name: .fptable
Source: MSI5736.tmp.0.dr Static PE information: section name: .fptable
Source: MSI5766.tmp.0.dr Static PE information: section name: .fptable
Source: LexusXA-installer-win_x64.exe.1.dr Static PE information: section name: .didata
Source: MSI501C.tmp.1.dr Static PE information: section name: .fptable
Source: MSI504C.tmp.1.dr Static PE information: section name: .fptable
Source: MSI4F9E.tmp.1.dr Static PE information: section name: .fptable
Source: LexusXA-installer-win_x64.tmp.4.dr Static PE information: section name: .didata
Source: is-KAK7L.tmp.5.dr Static PE information: section name: .didata
Source: libcrypto-3.dll.12.dr Static PE information: section name: .00cfg
Source: libssl-3.dll.12.dr Static PE information: section name: .00cfg
Source: python312.dll.12.dr Static PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.12.dr Static PE information: section name: fothk
Source: VCRUNTIME140.dll.12.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4E336 push ecx; ret 11_2_00E4E349
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4D870 push eax; ret 11_2_00E4D88E
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_RIPEMD160.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Programs\Lexus\is-KAK7L.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_blowfish.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD5.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Math\_modexp.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ctr.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2s.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_poly1305.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI22D2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ecb.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4F9E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2332.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cbc.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_bz2.pyd Jump to dropped file
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe File created: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_x25519.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5736.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI5766.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\sqlite3.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32api.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_keccak.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA256.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Temp\is-R6R4G.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe File created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ofb.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_portable.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed25519.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA512.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI242E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-memory-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA224.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Programs\Lexus\unins000.exe (copy) Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ocb.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI504C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cfb.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI501C.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aes.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2312.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_ctypes.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ec_ws.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\libcrypto-3.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-libraryloader-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-synch-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32evtlog.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util\_cpuid_c.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des3.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_sqlite3.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_socket.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-interlocked-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2b.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI245E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-handle-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_eksblowfish.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-utility-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-filesystem-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_wmi.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_decimal.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-math-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_pkcs1_decode.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util\_strxor.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2362.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp File created: C:\Users\user\AppData\Local\Programs\Lexus\is-LOG4N.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\select.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\python3.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l2-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\VCRUNTIME140_1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-runtime-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\cryptography\hazmat\bindings\_rust.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD4.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32crypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA384.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_cffi_backend.cp312-win_amd64.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe File created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-stdio-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-time-l1-1-0.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_Salsa20.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\python312.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed448.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-namedpipe-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cast.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\MSI2254.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-timezone-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\pyexpat.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_ssl.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-process-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32\pywintypes312.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_ARC4.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_chacha20.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\ucrtbase.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-locale-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\libssl-3.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Protocol\_scrypt.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aesni.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA1.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_clmul.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_arc2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\VCRUNTIME140.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\libffi-8.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File created: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-conio-l1-1-0.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4F9E.tmp Jump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Key value created or modified: HKEY_CURRENT_USER_Classes\.exe\OpenWithProgids LexusFile.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8950B0 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 12_2_00007FF70E8950B0
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Registry key monitored for changes: HKEY_CURRENT_USER_Classes Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\LexusORG\LexusXA Installer\LexusXA-installer-win_x64.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_RIPEMD160.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-sysinfo-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Lexus\is-KAK7L.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-rtlsupport-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_blowfish.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD5.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-environment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Math\_modexp.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-profile-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-heap-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ctr.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2s.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-debug-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_poly1305.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-datetime-l1-1-0.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI22D2.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-convert-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ecb.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-localization-l1-2-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-errorhandling-l1-1-0.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4F9E.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2332.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cbc.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_bz2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_x25519.pyd Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5736.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI5766.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32api.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_keccak.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-synch-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA256.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_lzma.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_queue.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-R6R4G.tmp\_isetup\_setup64.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-string-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-util-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ofb.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_portable.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed25519.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processenvironment-l1-1-0.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD2.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA512.pyd Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-console-l1-1-0.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI242E.tmp Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-memory-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA224.pyd
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Lexus\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_overlapped.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-string-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_ocb.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI504C.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cfb.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI501C.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aes.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2312.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_ctypes.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ec_ws.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-synch-l1-2-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-libraryloader-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-heap-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32evtlog.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util\_cpuid_c.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des3.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_sqlite3.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_socket.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-interlocked-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_BLAKE2b.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI245E.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-handle-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_eksblowfish.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-utility-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-filesystem-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_wmi.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_decimal.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-math-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_pkcs1_decode.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util\_strxor.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2362.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\select.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\python3.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l2-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-runtime-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_MD4.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\win32\win32crypt.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA384.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-stdio-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_cffi_backend.cp312-win_amd64.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-time-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\python312.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey\_ed448.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_Salsa20.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-namedpipe-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_cast.pyd
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI2254.tmp
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\pyexpat.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-timezone-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_ssl.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-process-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_ARC4.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_chacha20.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\_asyncio.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-locale-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_des.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Protocol\_scrypt.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_aesni.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_ghash_clmul.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash\_SHA1.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\unicodedata.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher\_raw_arc2.pyd
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI21442\api-ms-win-crt-conio-l1-1-0.dll
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Check user administrative privileges: GetTokenInformation,DecisionNodes
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe API coverage: 1.7 %
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E3A2DF FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError, 11_2_00E3A2DF
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4AFB9 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW, 11_2_00E4AFB9
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8985A0 FindFirstFileExW,FindClose, 12_2_00007FF70E8985A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 12_2_00007FF70E8979B0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 12_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8985A0 FindFirstFileExW,FindClose, 13_2_00007FF70E8985A0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8B0B84 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose, 13_2_00007FF70E8B0B84
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8979B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW, 13_2_00007FF70E8979B0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4D353 VirtualQuery,GetSystemInfo, 11_2_00E4D353
Source: version-checker-won-x64.exe, 0000000D.00000003.2024648350.000001690D8FF000.00000004.00000020.00020000.00000000.sdmp, version-checker-won-x64.exe, 0000000D.00000003.2042787443.000001690D902000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWi
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4E4F5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 11_2_00E4E4F5
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E56AF3 mov eax, dword ptr fs:[00000030h] 11_2_00E56AF3
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E5ACA1 GetProcessHeap, 11_2_00E5ACA1
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4E643 SetUnhandledExceptionFilter, 11_2_00E4E643
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4E7FB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 11_2_00E4E7FB
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E57BE1 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 11_2_00E57BE1
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E89C62C SetUnhandledExceptionFilter, 12_2_00007FF70E89C62C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E89BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 12_2_00007FF70E89BBC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E89C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_00007FF70E89C44C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8A9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 12_2_00007FF70E8A9924
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E89C62C SetUnhandledExceptionFilter, 13_2_00007FF70E89C62C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E89BBC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FF70E89BBC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E89C44C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FF70E89C44C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FF70E8A9924 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FF70E8A9924
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFAAA2BE0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFDFAAA2BE0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFF173028 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFDFF173028
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFDFF172A70 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFDFF172A70
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0029E90C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE0029E90C
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE01791960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE01791960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE01791390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE01791390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE02A11960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE02A11960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE02A11390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE02A11390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE08ED1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE08ED1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE08ED1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE08ED1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0B2C1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE0B2C1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0B2C1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE0B2C1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0A1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE0C0A1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0A1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE0C0A1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0B1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE0C0B1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0B1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE0C0B1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0C1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE0C0C1960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0C0C1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE0C0C1390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF81960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE0CF81960
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF81390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE0CF81390
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF9BEE0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 13_2_00007FFE0CF9BEE0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF9B920 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 13_2_00007FFE0CF9B920
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe"
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Process created: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe "C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe"
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE00298D60 _PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PyErr_Clear,_PyArg_ParseTuple_SizeT,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,_PyArg_ParseTuple_SizeT,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy, 13_2_00007FFE00298D60
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E4E34B cpuid 11_2_00E4E34B
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: GetLocaleInfoW,GetNumberFormatW, 11_2_00E49D99
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-F3SOF.tmp\LexusXA-installer-win_x64.tmp Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Cipher VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Hash VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\PublicKey VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\Cryptodome\Util VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\certifi VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\cryptography-42.0.8.dist-info VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\ucrtbase.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_ctypes.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_bz2.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_lzma.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\base_library.zip VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_wmi.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\win32 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pywin32_system32 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_socket.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\select.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_queue.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_hashlib.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_ssl.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_asyncio.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\_overlapped.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI21442\pyexpat.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Lexus\version-iexpress-x64.exe Code function: 10_2_00007FF7CC9C8964 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,GetTickCount,QueryPerformanceCounter, 10_2_00007FF7CC9C8964
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 12_2_00007FF70E8B4F10 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation, 12_2_00007FF70E8B4F10
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\version-checker-win-x64.exe Code function: 11_2_00E3A995 GetVersionExW, 11_2_00E3A995

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF96BD4 PyFloat_Type,PyUnicode_AsUTF8AndSize,sqlite3_bind_text,PyObject_CheckBuffer,PyErr_Format,sqlite3_bind_null,PyObject_GetBuffer,PyExc_OverflowError,PyErr_SetString,PyBuffer_Release,sqlite3_bind_blob,PyBuffer_Release,PyExc_OverflowError,PyErr_SetString,PyFloat_AsDouble,PyErr_Occurred,sqlite3_bind_double,PyErr_Occurred,sqlite3_bind_int64, 13_2_00007FFE0CF96BD4
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF94EC0 PyEval_SaveThread,sqlite3_bind_parameter_count,PyEval_RestoreThread,PyTuple_Type,sqlite3_bind_parameter_name,PyLong_Type,PyFloat_Type,PyUnicode_Type,PyLong_AsLongLongAndOverflow,sqlite3_bind_int64,PyUnicode_AsUTF8AndSize,sqlite3_bind_text,PyTuple_Pack,PyDict_GetItemWithError,_Py_Dealloc,PyErr_Occurred,_PyObject_LookupAttr,_PyObject_LookupAttr,PyLong_Type,PyFloat_Type,PyUnicode_Type,PyType_IsSubtype,PyObject_CheckBuffer,PyObject_GetBuffer,sqlite3_bind_blob,PyBuffer_Release,sqlite3_bind_null,PyFloat_AsDouble,sqlite3_bind_double,PyEval_SaveThread,sqlite3_bind_parameter_name,PyEval_RestoreThread,PyUnicode_FromString,PyDict_Type,PyDict_GetItemWithError,_Py_Dealloc,PyExc_DeprecationWarning,PyErr_WarnFormat,PyErr_GetRaisedException,sqlite3_db_handle,_PyErr_ChainExceptions1,PyList_GetItem,PyObject_CallOneArg,_Py_Dealloc,PyErr_Occurred,PyErr_Occurred,PyErr_Format,PyObject_CallOneArg,_Py_Dealloc,PyExc_TypeError,PyErr_ExceptionMatches,PyErr_Clear,PyExc_OverflowError,PyErr_SetString,PySequence_Check,PyTuple_Type,PyErr_GetRaisedException,sqlite3_db_handle,_PyErr_ChainExceptions1,PySequence_Size,PyErr_Format,PyObject_GetItem,PyErr_Occurred,PyErr_Format,PyErr_Format,PyErr_SetString,PySequence_GetItem,_Py_Dealloc,_Py_Dealloc,_Py_Dealloc,PyExc_LookupError,PyErr_ExceptionMatches,_Py_Dealloc,PyObject_CallOneArg,_Py_Dealloc,_Py_Dealloc,PyExc_TypeError,PyErr_ExceptionMatches,PyErr_Clear,_Py_Dealloc,PyExc_OverflowError,PyErr_SetString,PyBuffer_Release,PyExc_OverflowError,PyErr_SetString,PyErr_Occurred, 13_2_00007FFE0CF94EC0
Source: C:\Users\user\AppData\Local\Temp\RarSFX0\version-checker-won-x64.exe Code function: 13_2_00007FFE0CF950DC PyLong_AsLongLongAndOverflow,sqlite3_bind_int64,PyTuple_Pack,PyDict_GetItemWithError,_Py_Dealloc,PyErr_Occurred,_PyObject_LookupAttr,_PyObject_LookupAttr,PyLong_Type,PyFloat_Type,PyUnicode_Type, 13_2_00007FFE0CF950DC