Windows Analysis Report
250427-1egs2atlt3.bin.exe

Overview

General Information

Sample name: 250427-1egs2atlt3.bin.exe
Analysis ID: 1675665
MD5: 85005df7582f94aa50c38b7d1ff96f27
SHA1: 7dd678aa25127160beab4144414053a3541296fe
SHA256: 70adf18d3a200f5a3f5693a33b74585591100322fc53acc7fb2a705fda00a9c6
Tags: user-UNP4CK

Detection

RHADAMANTHYS
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Early bird code injection technique detected
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RHADAMANTHYS Stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Checks if the current machine is a virtual machine (disk enumeration)
Connects to many ports of the same IP (likely port scanning)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
One or more processes crash
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Name: Rhadamanthys
Description: According to PCrisk, Rhadamanthys is a stealer-type malware and, as its name implies, it is designed to extract data from infected machines. At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
Attribution: Sandworm
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

AV Detection

Source: 2.2.file.exe.226c447baa0.0.unpack Malware Configuration Extractor: Rhadamanthys {"C2 url": "https://88.214.48.9:6372/3126302400d5f8/wfskqa4j.g0kwj"}
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\libmlt-7.dll ReversingLabs: Detection: 20%
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\msys-ncursesw631.dll ReversingLabs: Detection: 58%
Source: 250427-1egs2atlt3.bin.exe Virustotal: Detection: 14%
Source: Submitted Sample Neural Call Log Analysis: 98.3%
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A426B88 CryptUnprotectData, 16_2_00007DF46A426B88
Source: chrome.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: 250427-1egs2atlt3.bin.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wkernel32.pdb source: aspnet_wp.exe, 00000003.00000003.1204894393.0000000007820000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Windows\amd64_microsoft-windows-remotesp_31bf3856ad364e35_10.0.20348.3207_none_57a2e220891446f5\0\2.pdb source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177240165.0000021BC4785000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177071546.0000021BC450E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1193213825.00007FFC9DD18000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Windows\amd64_microsoft-windows-remotesp_31bf3856ad364e35_10.0.20348.3207_none_57a2e220891446f5\0\2.pdb||2 source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177240165.0000021BC4785000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177071546.0000021BC450E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1193213825.00007FFC9DD18000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.d7c6a10fb0263a69b4596321\node\out\Release\node.pdb source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF790EA9000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: wkernelbase.pdb source: aspnet_wp.exe, 00000003.00000003.1205295456.0000000007A40000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1205140942.0000000007820000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: aspnet_wp.exe, 00000003.00000003.1203942692.0000000007820000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1204172713.0000000007A10000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: aspnet_wp.exe, 00000003.00000003.1204461000.0000000007820000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1204639869.00000000079C0000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: aspnet_wp.exe, 00000003.00000003.1203942692.0000000007820000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1204172713.0000000007A10000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: aspnet_wp.exe, 00000003.00000003.1204461000.0000000007820000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1204639869.00000000079C0000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.d7c6a10fb0263a69b4596321\node\out\Release\node.pdb) source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF790EA9000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: wkernelbase.pdbUGP source: aspnet_wp.exe, 00000003.00000003.1205295456.0000000007A40000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1205140942.0000000007820000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdbUGP source: aspnet_wp.exe, 00000003.00000003.1204894393.0000000007820000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Windows\210287e6dc6bfc86b1c9c94e7ceb34f0\4709c51b3a23b3a0e9712525358f7360\WDI\IIEHost\MRT\tr\2.pdb source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1214780821.0000021BC4BE1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177495351.0000021BC4A09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1192929287.00007FFC9DA89000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Windows\210287e6dc6bfc86b1c9c94e7ceb34f0\4709c51b3a23b3a0e9712525358f7360\WDI\IIEHost\MRT\tr\2.pdbyy2 source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1214780821.0000021BC4BE1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177495351.0000021BC4A09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1192929287.00007FFC9DA89000.00000002.00000001.01000000.00000007.sdmp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_00469608 FindFirstFileExW, 3_3_00469608
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A421618 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW, 16_2_00007DF46A421618
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local
Source: chrome.exe Memory has grown: Private usage: 3MB later: 31MB

Networking

Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:6372 -> 192.168.2.4:49719
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:6372 -> 192.168.2.4:49731
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:6372 -> 192.168.2.4:49732
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49733
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49737
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49735
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49741
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49745
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49736
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49738
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49740
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49742
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49743
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49739
Source: Network traffic Suricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 88.214.48.9:443 -> 192.168.2.4:49744
Source: Malware configuration extractor URLs: https://88.214.48.9:6372/3126302400d5f8/wfskqa4j.g0kwj
Source: global traffic TCP traffic: 88.214.48.9 ports 6372,2,3,443,6,7
Source: global traffic TCP traffic: 192.168.2.4:49719 -> 88.214.48.9:6372
Source: Joe Sandbox View IP Address: 94.198.159.10
Source: Joe Sandbox View IP Address: 129.6.15.28
Source: Joe Sandbox View IP Address: 162.159.200.123
Source: Joe Sandbox View JA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6
Source: Network traffic Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 88.214.48.9:6372 -> 192.168.2.4:49731
Source: Network traffic Suricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 88.214.48.9:6372 -> 192.168.2.4:49732
Source: unknown TCP traffic detected without corresponding DNS query: 88.214.48.9
Source: global traffic DNS traffic detected: DNS query: time.facebook.com
Source: global traffic DNS traffic detected: DNS query: time-a-g.nist.gov
Source: global traffic DNS traffic detected: DNS query: time.windows.com
Source: global traffic DNS traffic detected: DNS query: time.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: time.google.com
Source: global traffic DNS traffic detected: DNS query: ntp.time.nl
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176768204.0000021BC3F80000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176633504.0000021BC3EB1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176704594.0000021BC3F2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176768204.0000021BC3F80000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176633504.0000021BC3EB1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176704594.0000021BC3F2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176768204.0000021BC3F80000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176633504.0000021BC3EB1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176704594.0000021BC3F2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176768204.0000021BC3F80000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176633504.0000021BC3EB1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176704594.0000021BC3F2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: svchost.exe String found in binary or memory: https://88.214.48.9:6372/3126302400d5f8/wfskqa4j.g0kwj
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215186276.0000012383D41000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://jimmy.warting.se/opensource
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://no-color.org/
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215376861.0000032CECA01000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v16.16.0/node-v16.16.0-headers.tar.gz
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v16.16.0/node-v16.16.0.tar.gz
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://nodejs.org/download/release/v16.16.0/node-v16.16.0.tar.gzhttps://nodejs.org/download/release
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/download/release/v16.16.0/win-x64/node.lib
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://sourcemaps.info/spec.html
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215186276.0000012383D41000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215299341.000001D0B5C41000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tc39.es/proposal-iterator-helpers/#sec-iteratorprototype.some
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215299341.000001D0B5C41000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215186276.0000012383D41000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#url
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215186276.0000012383D41000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215186276.0000012383D41000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176954062.0000021BC43DC000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176846680.0000021BC42B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gnu.org/licenses/
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176768204.0000021BC3F80000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176633504.0000021BC3EB1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176704594.0000021BC3F2B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.meltytech.com0
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176446259.0000021BC2A39000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1210843074.0000021BC2ABF000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176821643.0000021BC2ABB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.mingw-w64.org/X
Source: file.exe, 00000002.00000002.1192781102.00007FF7C9F1E000.00000002.00000001.01000000.00000004.sdmp String found in binary or memory: https://www.mltframework.org/
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1215299341.000001D0B5C41000.00000004.00001000.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1162287425.0000021BBA7A8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 88.214.48.9:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: aspnet_wp.exe, 00000003.00000003.1205295456.0000000007A40000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DirectInput8Create memstr_b374c5f9-6
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1211295094.0000021BC4DBE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: GetRawInputData memstr_37a7909d-2
Source: Yara match File source: 3.3.aspnet_wp.exe.7a40000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.fontdrvhost.exe.4be0000.6.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.aspnet_wp.exe.7a40000.7.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.fontdrvhost.exe.4be0000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.fontdrvhost.exe.4e00000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 3.3.aspnet_wp.exe.7820000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.3.fontdrvhost.exe.4be0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000003.1209634035.0000000004BE0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1205295456.0000000007A40000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1205140942.0000000007820000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1210157582.0000000004E00000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: aspnet_wp.exe PID: 7768, type: MEMORYSTR
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A421364 CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess, 16_2_00007DF46A421364
Source: C:\Windows\System32\svchost.exe Code function: 16_2_000001CD8FF115C0 NtAcceptConnectPort, 16_2_000001CD8FF115C0
Source: C:\Windows\System32\svchost.exe Code function: 16_2_000001CD8FF11CF4 NtAcceptConnectPort,CloseHandle, 16_2_000001CD8FF11CF4
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42EEF0 NtAcceptConnectPort, 16_2_00007DF46A42EEF0
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A430188 calloc,NtAcceptConnectPort,free, 16_2_00007DF46A430188
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42F244 NtAcceptConnectPort, 16_2_00007DF46A42F244
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42F224 NtAcceptConnectPort, 16_2_00007DF46A42F224
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42EFCC NtAcceptConnectPort, 16_2_00007DF46A42EFCC
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42FFDC RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free, 16_2_00007DF46A42FFDC
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42EFAC NtAcceptConnectPort, 16_2_00007DF46A42EFAC
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42F050 NtAcceptConnectPort, 16_2_00007DF46A42F050
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42F0B8 NtAcceptConnectPort, 16_2_00007DF46A42F0B8
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42F76C calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort, 16_2_00007DF46A42F76C
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A42F3FC CreateFileMappingW,MapViewOfFile,DuplicateHandle,NtAcceptConnectPort, 16_2_00007DF46A42F3FC
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Code function: 17_2_00000197DC64EF64 NtAcceptConnectPort, 17_2_00000197DC64EF64
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Code function: 17_2_00000197DC64F19C NtAcceptConnectPort, 17_2_00000197DC64F19C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_00007DF4D1C01958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory, 24_3_00007DF4D1C01958
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_00007DF4D1C01CE8 CreateProcessW,NtResumeThread,CloseHandle,free, 24_3_00007DF4D1C01CE8
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B3078 NtAcceptConnectPort, 24_2_0000023FD61B3078
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B30BC NtAcceptConnectPort, 24_2_0000023FD61B30BC
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B2EA0 NtAcceptConnectPort, 24_2_0000023FD61B2EA0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B2F74 NtAcceptConnectPort, 24_2_0000023FD61B2F74
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B2FA0 NtAcceptConnectPort, 24_2_0000023FD61B2FA0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B2FD0 NtAcceptConnectPort, 24_2_0000023FD61B2FD0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B2B00 NtAcceptConnectPort, 24_2_0000023FD61B2B00
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B334C NtAcceptConnectPort, 24_2_0000023FD61B334C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B2C14 NtAcceptConnectPort, 24_2_0000023FD61B2C14
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BA2E90 NtQuerySystemInformation,NtQuerySystemInformation, 24_2_00007DF4D1BA2E90
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_0000023FD6390283 24_3_0000023FD6390283
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_0000023FD6390283 24_3_0000023FD6390283
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_0000023FD6390283 24_3_0000023FD6390283
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_0000023FD6390283 24_3_0000023FD6390283
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_0000023FD639366C 24_3_0000023FD639366C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_0000023FD639366C 24_3_0000023FD639366C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_0000023FD639366C 24_3_0000023FD639366C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_3_0000023FD639366C 24_3_0000023FD639366C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61A2628 24_2_0000023FD61A2628
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61AC308 24_2_0000023FD61AC308
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B340C 24_2_0000023FD61B340C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61C906C 24_2_0000023FD61C906C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61BD060 24_2_0000023FD61BD060
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D6880 24_2_0000023FD61D6880
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D4928 24_2_0000023FD61D4928
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61BD920 24_2_0000023FD61BD920
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B61BC 24_2_0000023FD61B61BC
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61DB1DC 24_2_0000023FD61DB1DC
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61CE20C 24_2_0000023FD61CE20C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61E1234 24_2_0000023FD61E1234
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61C7A4C 24_2_0000023FD61C7A4C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61DF6A4 24_2_0000023FD61DF6A4
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61C76D0 24_2_0000023FD61C76D0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61BFF28 24_2_0000023FD61BFF28
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61E1750 24_2_0000023FD61E1750
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B7770 24_2_0000023FD61B7770
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D5F68 24_2_0000023FD61D5F68
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D9F8C 24_2_0000023FD61D9F8C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D57A0 24_2_0000023FD61D57A0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61BC7C8 24_2_0000023FD61BC7C8
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61C803C 24_2_0000023FD61C803C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61C485C 24_2_0000023FD61C485C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61BECA8 24_2_0000023FD61BECA8
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61A14D0 24_2_0000023FD61A14D0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61BE5F4 24_2_0000023FD61BE5F4
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61E6DF4 24_2_0000023FD61E6DF4
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61DD5E8 24_2_0000023FD61DD5E8
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D0E30 24_2_0000023FD61D0E30
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D5288 24_2_0000023FD61D5288
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61C0A84 24_2_0000023FD61C0A84
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D62D0 24_2_0000023FD61D62D0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61E0300 24_2_0000023FD61E0300
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61DF344 24_2_0000023FD61DF344
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61DFB90 24_2_0000023FD61DFB90
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D43F0 24_2_0000023FD61D43F0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61E440D 24_2_0000023FD61E440D
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61D5408 24_2_0000023FD61D5408
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61E0C30 24_2_0000023FD61E0C30
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61B7424 24_2_0000023FD61B7424
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BB0E74 24_2_00007DF4D1BB0E74
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BB152C 24_2_00007DF4D1BB152C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BAF8E0 24_2_00007DF4D1BAF8E0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BB9C74 24_2_00007DF4D1BB9C74
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BAF048 24_2_00007DF4D1BAF048
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BB27AC 24_2_00007DF4D1BB27AC
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BB3308 24_2_00007DF4D1BB3308
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BB728D 24_2_00007DF4D1BB728D
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BB01A0 24_2_00007DF4D1BB01A0
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BD22CC 24_2_00007DF4D1BD22CC
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF5D72 24_2_00007DF4D1BF5D72
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF7D18 24_2_00007DF4D1BF7D18
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF74BE 24_2_00007DF4D1BF74BE
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF54E7 24_2_00007DF4D1BF54E7
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF2487 24_2_00007DF4D1BF2487
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BEC884 24_2_00007DF4D1BEC884
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BEA865 24_2_00007DF4D1BEA865
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF3FFB 24_2_00007DF4D1BF3FFB
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BEF409 24_2_00007DF4D1BEF409
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BEC009 24_2_00007DF4D1BEC009
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF7814 24_2_00007DF4D1BF7814
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF5BB8 24_2_00007DF4D1BF5BB8
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BE4FC6 24_2_00007DF4D1BE4FC6
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF6BE7 24_2_00007DF4D1BF6BE7
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF5396 24_2_00007DF4D1BF5396
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BE576C 24_2_00007DF4D1BE576C
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF6365 24_2_00007DF4D1BF6365
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF5716 24_2_00007DF4D1BF5716
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BE8ED9 24_2_00007DF4D1BE8ED9
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BE867A 24_2_00007DF4D1BE867A
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BEE2AB 24_2_00007DF4D1BEE2AB
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF720A 24_2_00007DF4D1BF720A
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF121A 24_2_00007DF4D1BF121A
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF6E1B 24_2_00007DF4D1BF6E1B
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_00007DF4D1BF31E4 24_2_00007DF4D1BF31E4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: String function: 00457FB0 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: String function: 00007FFC9DA1BF60 appears 53 times
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: String function: 00007FFC9DCAAB20 appears 66 times
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: String function: 00007FFCA09D28E0 appears 60 times
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: String function: 00007FFCA09EE450 appears 287 times
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: String function: 00007FF7C9F1BE58 appears 35 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 988
Source: libwinpthread-1.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: file.exe.0.dr Static PE information: Number of sections : 19 > 10
Source: libdl.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: SDL2.dll.0.dr Static PE information: Number of sections : 21 > 10
Source: libiconv-2.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1211295094.0000021BC4DBE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSDL2.dllR vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176954062.0000021BC43DC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameiconv.dllv+ vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1214780821.0000021BC4BE1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUgijikiwumag4 vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176446259.0000021BC2A39000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFlashDevelop.exer) vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176446259.0000021BC2A39000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWinPthreadGCp( vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177495351.0000021BC4A09000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUgijikiwumag4 vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177240165.0000021BC4785000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIwapiyu2 vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177071546.0000021BC450E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIwapiyu2 vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176633504.0000021BC3EB1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameFlashDevelop.exer) vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1211537587.0000021BC50A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSDL2.dllR vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1210843074.0000021BC2ABF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWinPthreadGCp( vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1159607150.00007FF79167B000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameUkuwelowovabukenoruy.exe8 vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176846680.0000021BC42B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameiconv.dllv+ vs 250427-1egs2atlt3.bin.exe
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1176821643.0000021BC2ABB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWinPthreadGCp( vs 250427-1egs2atlt3.bin.exe
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@34/8@6/8
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9D961F50 SetLastError,FormatMessageW,GetLastError, 2_2_00007FFC9D961F50
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9DB9CA00 SetLastError,AdjustTokenPrivileges,GetLastError, 2_2_00007FFC9DB9CA00
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A40286C CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,SuspendThread, 16_2_00007DF46A40286C
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFCA0B2F1A0 CoCreateInstance,GetModuleHandleW,GetLastError, 2_2_00007FFCA0B2F1A0
Source: C:\Windows\System32\svchost.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\fontdrvhost.exe Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-8e48d739-9c2b-ed033c-96c7cd677a0b}
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7636:120:WilError_03
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f Jump to behavior
Source: 250427-1egs2atlt3.bin.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: chrome.exe Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: chrome.exe Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: chrome.exe Binary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: chrome.exe Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: chrome.exe Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: chrome.exe Binary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: 250427-1egs2atlt3.bin.exe Virustotal: Detection: 14%
Source: file.exe String found in binary or memory: Get keyboard input using getc -group [name=value]* Apply properties repeatedly -help Show this message -jack Enable JACK transport synchro
Source: file.exe String found in binary or memory: jack-started
Source: file.exe String found in binary or memory: jack-stopped
Source: file.exe String found in binary or memory: jack-stop
Source: file.exe String found in binary or memory: jack-start
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File read: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe "C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe"
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Process created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Process created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 988
Source: C:\Windows\SysWOW64\fontdrvhost.exe Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe"
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrF025.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/0baada6a/4a1b3c1a"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14539301578210770567,15758709380538373118,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:3
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Media Player\setup_wm.exe "C:\Program Files\Windows Media Player\setup_wm.exe"
Source: C:\Program Files\Windows Media Player\setup_wm.exe Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Process created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Process created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe" Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe" Jump to behavior
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" Jump to behavior
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrF025.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/0baada6a/4a1b3c1a" Jump to behavior
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Media Player\setup_wm.exe "C:\Program Files\Windows Media Player\setup_wm.exe" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2276,i,14539301578210770567,15758709380538373118,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:3 Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Section loaded: sdl2.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Section loaded: libmlt-7.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Section loaded: msys-ncursesw631.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: drprov.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: ntlanman.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: davclnt.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: davhlpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Section loaded: sxs.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\elevation_service.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: atl.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: version.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\dllhost.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\dllhost.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\dllhost.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\dllhost.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32 Jump to behavior
Source: 250427-1egs2atlt3.bin.exe Static PE information: More than 8191 > 100 exports found
Source: 250427-1egs2atlt3.bin.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: 250427-1egs2atlt3.bin.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: 250427-1egs2atlt3.bin.exe Static file information: File size 47549392 > 1048576
Source: 250427-1egs2atlt3.bin.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x10f7e00
Source: 250427-1egs2atlt3.bin.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xef8600
Source: 250427-1egs2atlt3.bin.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: 250427-1egs2atlt3.bin.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 250427-1egs2atlt3.bin.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 250427-1egs2atlt3.bin.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 250427-1egs2atlt3.bin.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 250427-1egs2atlt3.bin.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 250427-1egs2atlt3.bin.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 250427-1egs2atlt3.bin.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: 250427-1egs2atlt3.bin.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wkernel32.pdb source: aspnet_wp.exe, 00000003.00000003.1204894393.0000000007820000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Windows\amd64_microsoft-windows-remotesp_31bf3856ad364e35_10.0.20348.3207_none_57a2e220891446f5\0\2.pdb source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177240165.0000021BC4785000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177071546.0000021BC450E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1193213825.00007FFC9DD18000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Windows\amd64_microsoft-windows-remotesp_31bf3856ad364e35_10.0.20348.3207_none_57a2e220891446f5\0\2.pdb||2 source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177240165.0000021BC4785000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177071546.0000021BC450E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1193213825.00007FFC9DD18000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.d7c6a10fb0263a69b4596321\node\out\Release\node.pdb source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF790EA9000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: wkernelbase.pdb source: aspnet_wp.exe, 00000003.00000003.1205295456.0000000007A40000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1205140942.0000000007820000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdb source: aspnet_wp.exe, 00000003.00000003.1203942692.0000000007820000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1204172713.0000000007A10000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: aspnet_wp.exe, 00000003.00000003.1204461000.0000000007820000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1204639869.00000000079C0000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: aspnet_wp.exe, 00000003.00000003.1203942692.0000000007820000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1204172713.0000000007A10000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: aspnet_wp.exe, 00000003.00000003.1204461000.0000000007820000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1204639869.00000000079C0000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pkg.d7c6a10fb0263a69b4596321\node\out\Release\node.pdb) source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF790EA9000.00000002.00000001.01000000.00000003.sdmp
Source: Binary string: wkernelbase.pdbUGP source: aspnet_wp.exe, 00000003.00000003.1205295456.0000000007A40000.00000004.00000001.00020000.00000000.sdmp, aspnet_wp.exe, 00000003.00000003.1205140942.0000000007820000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdbUGP source: aspnet_wp.exe, 00000003.00000003.1204894393.0000000007820000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: C:\Windows\210287e6dc6bfc86b1c9c94e7ceb34f0\4709c51b3a23b3a0e9712525358f7360\WDI\IIEHost\MRT\tr\2.pdb source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1214780821.0000021BC4BE1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177495351.0000021BC4A09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1192929287.00007FFC9DA89000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: C:\Windows\210287e6dc6bfc86b1c9c94e7ceb34f0\4709c51b3a23b3a0e9712525358f7360\WDI\IIEHost\MRT\tr\2.pdbyy2 source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1214780821.0000021BC4BE1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177495351.0000021BC4A09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1192929287.00007FFC9DA89000.00000002.00000001.01000000.00000007.sdmp
Source: 250427-1egs2atlt3.bin.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 250427-1egs2atlt3.bin.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 250427-1egs2atlt3.bin.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 250427-1egs2atlt3.bin.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 250427-1egs2atlt3.bin.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FF7C9F1BB50 GetModuleHandleA,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress, 2_2_00007FF7C9F1BB50
Source: 250427-1egs2atlt3.bin.exe Static PE information: section name: _RDATA
Source: file.exe.0.dr Static PE information: section name: .xdata
Source: file.exe.0.dr Static PE information: section name: /4
Source: file.exe.0.dr Static PE information: section name: /19
Source: file.exe.0.dr Static PE information: section name: /31
Source: file.exe.0.dr Static PE information: section name: /45
Source: file.exe.0.dr Static PE information: section name: /57
Source: file.exe.0.dr Static PE information: section name: /70
Source: file.exe.0.dr Static PE information: section name: /81
Source: file.exe.0.dr Static PE information: section name: /97
Source: file.exe.0.dr Static PE information: section name: /113
Source: libdl.dll.0.dr Static PE information: section name: .xdata
Source: libiconv-2.dll.0.dr Static PE information: section name: .xdata
Source: libmlt-7.dll.0.dr Static PE information: section name: _RDATA
Source: libwinpthread-1.dll.0.dr Static PE information: section name: .xdata
Source: msys-ncursesw631.dll.0.dr Static PE information: section name: _RDATA
Source: SDL2.dll.0.dr Static PE information: section name: .xdata
Source: SDL2.dll.0.dr Static PE information: section name: /4
Source: SDL2.dll.0.dr Static PE information: section name: /19
Source: SDL2.dll.0.dr Static PE information: section name: /31
Source: SDL2.dll.0.dr Static PE information: section name: /45
Source: SDL2.dll.0.dr Static PE information: section name: /57
Source: SDL2.dll.0.dr Static PE information: section name: /70
Source: SDL2.dll.0.dr Static PE information: section name: /81
Source: SDL2.dll.0.dr Static PE information: section name: /97
Source: SDL2.dll.0.dr Static PE information: section name: /113
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9D976C45 push 8B480000h; retf 2_2_00007FFC9D976C4B
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9DBACE2C push rsp; iretd 2_2_00007FFC9DBACE39
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9DBAE5D0 push rsp; retf 2_2_00007FFC9DBAE5D1
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9DBAE565 push rsp; retf 2_2_00007FFC9DBAE566
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_004719B4 push ecx; ret 3_3_004719C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E9525D push es; ret 3_3_06E95264
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E93FD4 push ss; retf 3_3_06E93FF5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E93F89 push edi; iretd 3_3_06E93F96
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E90F6A push eax; ret 3_3_06E90F75
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E928EC push edi; ret 3_3_06E928F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E910F9 push FFFFFF82h; iretd 3_3_06E910FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E944F9 push edx; retf 3_3_06E944FC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E92C39 push ecx; ret 3_3_06E92C59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E921DC push eax; ret 3_3_06E921DD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E94D5E push esi; ret 3_3_06E94D69
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E9525D push es; ret 3_2_06E95264
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E93FD4 push ss; retf 3_2_06E93FF5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E93F89 push edi; iretd 3_2_06E93F96
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E90F6A push eax; ret 3_2_06E90F75
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E928EC push edi; ret 3_2_06E928F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E910F9 push FFFFFF82h; iretd 3_2_06E910FB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E944F9 push edx; retf 3_2_06E944FC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E92C39 push ecx; ret 3_2_06E92C59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E921DC push eax; ret 3_2_06E921DD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E94D5E push esi; ret 3_2_06E94D69
Source: C:\Windows\SysWOW64\fontdrvhost.exe Code function: 5_3_00514054 push ss; retf 5_3_00514075
Source: C:\Windows\SysWOW64\fontdrvhost.exe Code function: 5_3_0051225C push eax; ret 5_3_0051225D
Source: C:\Windows\SysWOW64\fontdrvhost.exe Code function: 5_3_00514009 push edi; iretd 5_3_00514016
Source: C:\Windows\SysWOW64\fontdrvhost.exe Code function: 5_3_005152DD push es; ret 5_3_005152E4
Source: C:\Windows\SysWOW64\fontdrvhost.exe Code function: 5_3_00512CB9 push ecx; ret 5_3_00512CD9
Source: C:\Windows\SysWOW64\fontdrvhost.exe Code function: 5_3_00511179 push FFFFFF82h; iretd 5_3_0051117B
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\libiconv-2.dll Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\libmlt-7.dll Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\SDL2.dll Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\libdl.dll Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\msys-ncursesw631.dll Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe File created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\libwinpthread-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\svchost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\dllhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\fontdrvhost.exe Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PnPEntity
Source: C:\Windows\SysWOW64\fontdrvhost.exe System information queried: FirmwareTableInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe API/Special instruction interceptor: Address: 7FFCC372D044
Source: C:\Windows\SysWOW64\fontdrvhost.exe API/Special instruction interceptor: Address: 7FFCC372D044
Source: C:\Windows\SysWOW64\fontdrvhost.exe API/Special instruction interceptor: Address: 510B83A
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory allocated: 226BFC10000 memory reserve | memory write watch Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: VBoxGuest Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: C:\Windows\SysWOW64\vboxservice.exe Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: C:\Windows\SysWOW64\vboxtray.exe Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: C:\Windows\SysWOW64\drivers\VBoxMouse.sys Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: VBoxTrayIPC Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: C:\Windows\SysWOW64\drivers\VBoxSF.sys Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: C:\Windows\SysWOW64\vboxhook.dll Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosDate Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: \pipe\VBoxTrayIPC Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: C:\Windows\SysWOW64\drivers\VBoxVideo.sys Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: VBoxMiniRdrDN Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe File opened / queried: C:\Windows\SysWOW64\drivers\VBoxGuest.sys Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A504248 sldt word ptr [eax] 16_2_00007DF46A504248
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\libiconv-2.dll Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\libdl.dll Jump to dropped file
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\libwinpthread-1.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe API coverage: 3.8 %
Source: C:\Windows\SysWOW64\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Windows\SysWOW64\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BaseBoard
Source: C:\Windows\SysWOW64\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Windows\SysWOW64\fontdrvhost.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_00469608 FindFirstFileExW, 3_3_00469608
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A421618 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW, 16_2_00007DF46A421618
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFCA09E7200 GetSystemInfo, 2_2_00007FFCA09E7200
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000003.1214780821.0000021BC4BE1000.00000004.00000020.00020000.00000000.sdmp, 250427-1egs2atlt3.bin.exe, 00000000.00000003.1177495351.0000021BC4A09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000002.00000002.1192929287.00007FFC9DA89000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: qEMutating a value collection derived from a dictionary is not allowed.Y
Source: aspnet_wp.exe, 00000003.00000003.1205140942.0000000007820000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: DisableGuestVmNetworkConnectivity
Source: aspnet_wp.exe, 00000003.00000003.1205140942.0000000007820000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: EnableGuestVmNetworkConnectivity
Source: 250427-1egs2atlt3.bin.exe, 00000000.00000000.1157945276.00007FF7904A9000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_00454ED5 LdrInitializeThunk,VirtualFree, 3_3_00454ED5
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFCA0B0CE50 CreateThread,GetCurrentThread,IsDebuggerPresent,RaiseException,GetModuleHandleW,GetProcAddress, 2_2_00007FFCA0B0CE50
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FF7C9F1BB50 GetModuleHandleA,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress, 2_2_00007FF7C9F1BB50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_06E90277 mov eax, dword ptr fs:[00000030h] 3_3_06E90277
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_2_06E90277 mov eax, dword ptr fs:[00000030h] 3_2_06E90277
Source: C:\Windows\SysWOW64\fontdrvhost.exe Code function: 5_3_00510283 mov eax, dword ptr fs:[00000030h] 5_3_00510283
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FF7C9F15730 GetCommandLineW,CommandLineToArgvW,GetProcessHeap,GetProcessHeap,HeapAlloc,HeapAlloc,GetProcessHeap,HeapAlloc,SDL_wcslen,SDL_iconv_string,SDL_ShowSimpleMessageBox,LocalFree,SDL_SetMainReady,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 2_2_00007FF7C9F15730
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FF7C9F111B0 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_amsg_exit, 2_2_00007FF7C9F111B0
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FF7C9F15999 SetUnhandledExceptionFilter, 2_2_00007FF7C9F15999
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FF7C9F24650 SetUnhandledExceptionFilter, 2_2_00007FF7C9F24650
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9DA82E6C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00007FFC9DA82E6C
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9DD11E2C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 2_2_00007FFC9DD11E2C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_0045800F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_3_0045800F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_00457D4D IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_3_00457D4D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_00464B0C IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 3_3_00464B0C

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\svchost.exe Process created / APC Queued / Resumed: C:\Program Files\Google\Chrome\Application\chrome.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 400000 protect: page execute and read and write Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Memory allocated: C:\Windows\System32\dllhost.exe base: 213AF570000 protect: page read and write Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 400000 value starts with: 4D5A Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: NULL target: C:\Program Files\Google\Chrome\Application\chrome.exe protection: execute and read and write Jump to behavior
Source: C:\Windows\System32\svchost.exe Thread APC queued: target process: C:\Program Files\Google\Chrome\Application\chrome.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 400000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 401000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 473000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 479000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 47A000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 47B000 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe base: 5121008 Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Memory written: C:\Windows\System32\dllhost.exe base: 213AF570000 Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Memory written: C:\Windows\System32\dllhost.exe base: 7FF6593214E0 Jump to behavior
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Process created: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Process created: C:\Windows\SysWOW64\fontdrvhost.exe "C:\Windows\System32\fontdrvhost.exe" Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Process created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe" Jump to behavior
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" Jump to behavior
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Media Player\setup_wm.exe "C:\Program Files\Windows Media Player\setup_wm.exe" Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe" Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe Code function: 3_3_0045781B cpuid 3_3_0045781B
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: GetLocaleInfoEx, 2_2_00007FFC9DBFE4F0
Source: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe Queries volume information: C:\Users\user\Desktop\250427-1egs2atlt3.bin.exe VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\fontdrvhost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Program Files\Windows Media Player\setup_wm.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\dllhost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A426448 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe, 16_2_00007DF46A426448
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FFC9DA8331C GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 2_2_00007FFC9DA8331C
Source: C:\Windows\SysWOW64\fontdrvhost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Stealing of Sensitive Information

Source: Yara match File source: 00000005.00000002.1324960658.0000000002B50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1210351997.0000000006EE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1205887708.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1202432694.0000000005490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1 Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtab Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons Monochrome Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2 Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\5d6e55e1-dca9-4d9b-861d-6fd45a15969d Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons Maskable Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25 Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnails Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4 Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598 Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875 Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Safe Browsing Network Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\discounts_db Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2 Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm Jump to behavior
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents\LIJDSFKJZG Jump to behavior
Source: C:\Windows\System32\svchost.exe Directory queried: C:\Users\user\Documents\QCOILOQIKC Jump to behavior

Remote Access Functionality

Source: Yara match File source: 00000005.00000002.1324960658.0000000002B50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000002.1210351997.0000000006EE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1205887708.00000000005C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000003.00000003.1202432694.0000000005490000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\AppData\Local\Temp\3f7c5c2996993c580442585bca7c385f\file.exe Code function: 2_2_00007FF7C9F12320 signal,signal,signal,strcmp,strcmp,strcmp,mlt_profile_init,getenv,mlt_profile_init,mlt_profile_clone,mlt_properties_get_data,mlt_profile_from_producer,mlt_service_consumer,mlt_consumer_connect,mlt_producer_close,mlt_factory_producer,mlt_properties_get_double,mlt_properties_set_data,mlt_properties_set_data,mlt_producer_get_length,strcmp,strcmp,fclose,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,mlt_factory_init,getenv,getenv,setlocale,mlt_producer_close,mlt_profile_close,mlt_profile_close,mlt_factory_close,fwrite,mlt_factory_close,mlt_properties_get_int,mlt_properties_get_int,mlt_consumer_connect,signal,signal,mlt_properties_get_int,mlt_properties_get_int,mlt_properties_get_int,mlt_properties_get_int,mlt_consumer_stop,mlt_properties_get_int,mlt_consumer_connect,mlt_event_data_none,mlt_events_fire,mlt_producer_close,mlt_consumer_close,_isatty,mlt_factory_init,getenv,getenv,setlocale,mlt_log_set_level,mlt_log_set_level,mlt_properties_set_int,mlt_properties_set_int,mlt_properties_set_int,mlt_properties_set_int,mlt_properties_set_data,mlt_events_listen,mlt_events_listen,mlt_profile_clone,mlt_log_set_level,mlt_properties_set_data,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strcmp,strncmp,strncmp,strcmp,strncmp,strcmp,strncmp,strncmp,strncmp,strncmp,strncmp,strncmp,strncmp,strchr,mlt_repository_presets,mlt_properties_get_data,mlt_properties_serialise_yaml,fputs,free,mlt_properties_close,mlt_factory_init,getenv,getenv,setlocale,mlt_factory_consumer,mlt_properties_set_data,mlt_producer_seek,mlt_properties_get_data,strcmp,fwrite,fwrite,fwrite,fwrite,fwrite,fwrite,fwrite,fwrite,fwrite,mlt_properties_get_int,mlt_consumer_is_stopped,SDL_PollEvent,mlt_properties_set_int,SDL_PollEvent,mlt_properties_get_int,mlt_producer_position,fflush,nanosleep,mlt_properties_get,strcmp,mlt_properties_set_int,mlt_properties_set_int,mlt_producer_get_length,mlt_consumer_position,fputc,fflush,mlt_factory_consumer,mlt_properties_set,mlt_consumer_start,mlt_consumer_close,fwrite,mlt_properties_get_name,mlt_properties_count,fwrite,mlt_properties_close,fwrite,fwrite,mlt_properties_get_name,mlt_properties_count,strchr,mlt_profile_list,mlt_properties_get_data,strchr,strchr,strchr,strchr,strchr,mlt_factory_consumer,mlt_factory_consumer,fwrite,fwrite, 2_2_00007FF7C9F12320
Source: C:\Windows\System32\svchost.exe Code function: 16_2_00007DF46A426448 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe, 16_2_00007DF46A426448
Source: C:\Program Files\Windows Media Player\setup_wm.exe Code function: 24_2_0000023FD61AD070 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe, 24_2_0000023FD61AD070