Windows Analysis Report
!!SetUp_2244_PassW0rds$.zip

Overview

General Information

Sample name: !!SetUp_2244_PassW0rds$.zip
Analysis ID: 1500439
MD5: e9ce58b884143acee5f004128d1fae65
SHA1: 899a0b621b6d19da304675ac38d5d47d00e9f511
SHA256: 071b8b38b57d457b42a7bcfb6779e602f37f75e588dbdbe731cab784fcd06505

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
LummaC encrypted strings found
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Sample uses string decryption to hide its real strings
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains functionality to detect virtual machines (SLDT)
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

Source: caffegclasiqwp.shop Avira URL Cloud: Label: malware
Source: condedqpwqm.shop Avira URL Cloud: Label: phishing
Source: stagedchheiqwo.shop Avira URL Cloud: Label: phishing
Source: stamppreewntnq.shop Avira URL Cloud: Label: phishing
Source: C:\Users\user\AppData\Local\Temp\ohj Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\dqgis Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\vtesbhvscpflt Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: C:\Users\user\AppData\Local\Temp\fpmss Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
Source: SearchIndexer.exe.1060.23.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["stagedchheiqwo.shop", "evoliutwoqm.shop", "condedqpwqm.shop", "stamppreewntnq.shop", "millyscroqwp.shop", "caffegclasiqwp.shop"], "Build id": "MeHdy4--pl1vs1"}
Source: caffegclasiqwp.shop Virustotal: Detection: 20%
Source: condedqpwqm.shop Virustotal: Detection: 17%
Source: stagedchheiqwo.shop Virustotal: Detection: 17%
Source: stamppreewntnq.shop Virustotal: Detection: 17%
Source: !!SetUp_2244_PassW0rds$.zip Virustotal: Detection: 61%
Source: C:\Users\user\AppData\Local\Temp\ohj Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\dqgis Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\vtesbhvscpflt Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\fpmss Joe Sandbox ML: detected
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: caffegclasiqwp.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: stamppreewntnq.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: stagedchheiqwo.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: millyscroqwp.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: evoliutwoqm.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: condedqpwqm.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: traineiwnqo.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: locatedblsoqp.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: shadowqsnqop.shop
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp String decryptor: MeHdy4--pl1vs1
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\host_release\flutter_windows.dll.pdb source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr
Source: Binary string: ntdll.pdb source: Setup.exe, 0000000C.00000002.1424868142.000001DD41EB0000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000C.00000002.1424214442.000001DD41ABC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: more.com, 0000000E.00000002.1574162025.0000000004322000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1576088788.0000000004680000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: Setup.exe, 0000000C.00000002.1424868142.000001DD41EB0000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000C.00000002.1424214442.000001DD41ABC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: more.com, 0000000E.00000002.1574162025.0000000004322000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1576088788.0000000004680000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: gpapi.pdb source: more.com, 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, SearchIndexer.exe, 00000010.00000002.1623238842.000000000097F000.00000008.00000001.01000000.00000000.sdmp, ohj.18.dr, dqgis.30.dr, vtesbhvscpflt.35.dr, fpmss.14.dr
Source: Binary string: gpapi.pdbUGP source: more.com, 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, SearchIndexer.exe, 00000010.00000002.1623238842.000000000097F000.00000008.00000001.01000000.00000000.sdmp, ohj.18.dr, dqgis.30.dr, vtesbhvscpflt.35.dr, fpmss.14.dr

Networking

Source: Malware configuration extractor URLs: stagedchheiqwo.shop
Source: Malware configuration extractor URLs: evoliutwoqm.shop
Source: Malware configuration extractor URLs: condedqpwqm.shop
Source: Malware configuration extractor URLs: stamppreewntnq.shop
Source: Malware configuration extractor URLs: millyscroqwp.shop
Source: Malware configuration extractor URLs: caffegclasiqwp.shop
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/642227
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/642605
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/644669
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/650547
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/672380
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/709351
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/797243
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/809422
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/830046
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/849576
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/883276
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/927470
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/941620
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: StrCmp.exe.12.dr String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: StrCmp.exe.12.dr String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0V
Source: StrCmp.exe.12.dr String found in binary or memory: http://crl.globalsign.com/gsgccr45codesignca2020.crl0
Source: StrCmp.exe.12.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
Source: StrCmp.exe.12.dr String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: Setup.exe, 0000000C.00000003.1407535173.000001DD41845000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.sectigo.com
Source: Setup.exe, 0000000C.00000003.1406944642.000001DD3F412000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1405231073.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1407267999.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1407329097.000001DD3F412000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1400892792.000001DD420B0000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1406881575.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001D.00000003.2062294663.000001B2C9A66000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2154624325.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2155473386.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2155844822.0000013D404B3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2154987708.0000013D404B3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2153747812.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, uni_links_desktop_plugin.dll.12.dr, window_manager_plugin.dll.12.dr, desktop_drop_plugin.dll.12.dr, flutter_windows.dll.12.dr, desktop_multi_window_plugin.dll.12.dr, window_size_plugin.dll.12.dr, url_launcher_windows_plugin.dll.12.dr, flutter_custom_cursor_plugin.dll.12.dr, file_selector_windows_plugin.dll.12.dr String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: Setup.exe, 0000000C.00000003.1406944642.000001DD3F412000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1405231073.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1407267999.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1407329097.000001DD3F412000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1400892792.000001DD420B0000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1406881575.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001D.00000003.2062294663.000001B2C9A66000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2154624325.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2155473386.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2155844822.0000013D404B3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2154987708.0000013D404B3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2153747812.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2156220441.0000013D427F8000.00000004.00000020.00020000.00000000.sdmp, uni_links_desktop_plugin.dll.12.dr, window_manager_plugin.dll.12.dr, desktop_drop_plugin.dll.12.dr, flutter_windows.dll.12.dr, desktop_multi_window_plugin.dll.12.dr, window_size_plugin.dll.12.dr, url_launcher_windows_plugin.dll.12.dr, flutter_custom_cursor_plugin.dll.12.dr String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Setup.exe, 0000000C.00000003.1406944642.000001DD3F412000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1405231073.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1407267999.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1407329097.000001DD3F412000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1400892792.000001DD420B0000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1406881575.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001D.00000003.2062294663.000001B2C9A66000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2154624325.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2155473386.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2155844822.0000013D404B3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2154987708.0000013D404B3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2153747812.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, uni_links_desktop_plugin.dll.12.dr, window_manager_plugin.dll.12.dr, desktop_drop_plugin.dll.12.dr, flutter_windows.dll.12.dr, desktop_multi_window_plugin.dll.12.dr, window_size_plugin.dll.12.dr, url_launcher_windows_plugin.dll.12.dr, flutter_custom_cursor_plugin.dll.12.dr, file_selector_windows_plugin.dll.12.dr String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: Setup.exe, 0000000C.00000003.1406944642.000001DD3F412000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1405231073.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1407267999.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1407329097.000001DD3F412000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1400892792.000001DD420B0000.00000004.00000001.00020000.00000000.sdmp, Setup.exe, 0000000C.00000003.1406881575.000001DD41845000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000001D.00000003.2062294663.000001B2C9A66000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2154624325.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2155473386.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2155844822.0000013D404B3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2154987708.0000013D404B3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2153747812.0000013D427F5000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000022.00000003.2156220441.0000013D427F8000.00000004.00000020.00020000.00000000.sdmp, uni_links_desktop_plugin.dll.12.dr, window_manager_plugin.dll.12.dr, desktop_drop_plugin.dll.12.dr, flutter_windows.dll.12.dr, desktop_multi_window_plugin.dll.12.dr, window_size_plugin.dll.12.dr, url_launcher_windows_plugin.dll.12.dr, flutter_custom_cursor_plugin.dll.12.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://issuetracker.google.com/200067929
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcodeRegularVersion
Source: Setup.exe, 0000000C.00000002.1423530742.000001DD41770000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocs(p.g
Source: Setup.exe, 0000000C.00000002.1423530742.000001DD41770000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0C
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0L
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0O
Source: StrCmp.exe.12.dr String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: StrCmp.exe.12.dr String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: StrCmp.exe.12.dr String found in binary or memory: http://ocsp.globalsign.com/gsgccr45codesignca20200V
Source: StrCmp.exe.12.dr String found in binary or memory: http://ocsp.globalsign.com/rootr30;
Source: screen_retriever_plugin.dll.12.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: Setup.exe, 0000000C.00000002.1423530742.000001DD41770000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp2.globalsign.com/rootr30
Source: StrCmp.exe.12.dr String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: StrCmp.exe.12.dr String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://s2.symcb.com0
Source: StrCmp.exe.12.dr String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: StrCmp.exe.12.dr String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
Source: StrCmp.exe.12.dr String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: StrCmp.exe.12.dr String found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://sv.symcd.com0&
Source: Amcache.hve.42.dr String found in binary or memory: http://upx.sf.net
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Setup.exe, Setup.exe, 0000000C.00000002.1423842298.000001DD41977000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A1E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.info-zip.org/
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.symauth.com/cps0(
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.symauth.com/rpa00
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.vmware.com/0
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.vmware.com/0/
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: http://www.w3c.orghttp://dev.w3.org/CSS/fonts/ahem/COPYING
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/4674
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/4830
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/4849
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/4966
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/5140
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/5536
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/5845
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/6574
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7161
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7162
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7246
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7308
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7319
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7320
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7369
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7382
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7405
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7489
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7604
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7714
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7847
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://anglebug.com/7899
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/1042393
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/1046462
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/1060012
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/1091824
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/1137851
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/1300575
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/1356053
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/593024
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/650547
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/655534
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/705865
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/710443
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/811661
Source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr String found in binary or memory: https://crbug.com/848952
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d.symcb.com/cps0%
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://d.symcb.com/rpa0
Source: flutter_windows.dll.12.dr String found in binary or memory: https://dartbug.com/52121.
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD41750D31 NtResumeThread, 12_2_000001DD41750D31
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD41977198 NtSuspendThread, 12_2_000001DD41977198
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_000001FBD9C6A198 NtSuspendThread, 17_2_000001FBD9C6A198
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_000001B2CBF85198 NtSuspendThread, 29_2_000001B2CBF85198
Source: C:\Users\user\Desktop\Setup.exe Code function: 34_2_0000013D42922198 NtSuspendThread, 34_2_0000013D42922198
Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe 118DE01FB498E81EAB4ADE980A621AF43B52265A9FCBAE5DEDC492CDF8889F35
Source: C:\Windows\SysWOW64\SearchIndexer.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 396
Source: StrCmp.exe Binary or memory string: @*\AE:\Eigene Dateien\VB-Zeugs\Projekte\K700 Manager\Bluetooth Daemon\AsyncStartDemo.vbp
Source: Setup.exe, 0000000C.00000002.1423842298.000001DD419CD000.00000004.00000020.00020000.00000000.sdmp, StrCmp.exe, 0000000D.00000000.1408743392.0000000000401000.00000020.00000001.01000000.00000015.sdmp, StrCmp.exe, 0000000D.00000002.1444380121.0000000000401000.00000020.00000001.01000000.00000015.sdmp, more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp, StrCmp.exe.12.dr Binary or memory string: @`@*\AE:\Eigene Dateien\VB-Zeugs\Projekte\K700 Manager\Bluetooth Daemon\AsyncStartDemo.vbp
Source: classification engine Classification label: mal100.troj.evad.winZIP@31/40@0/0
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1060
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5972:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4252
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4712:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3068:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4516
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5952:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6268
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Local\Temp\2866274d
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: !!SetUp_2244_PassW0rds$.zip Virustotal: Detection: 61%
Source: Setup.exe String found in binary or memory: more-help
Source: Setup.exe String found in binary or memory: wild-stop-dirs
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File read: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\dorhncv
Source: unknown Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe "C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Process created: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\SysWOW64\SearchIndexer.exe C:\Windows\SysWOW64\SearchIndexer.exe
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe "C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\SearchIndexer.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 396
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\SysWOW64\SearchIndexer.exe C:\Windows\SysWOW64\SearchIndexer.exe
Source: C:\Windows\SysWOW64\SearchIndexer.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 396
Source: unknown Process created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\SysWOW64\SearchIndexer.exe C:\Windows\SysWOW64\SearchIndexer.exe
Source: C:\Windows\SysWOW64\SearchIndexer.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 212
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\SysWOW64\SearchIndexer.exe C:\Windows\SysWOW64\SearchIndexer.exe
Source: C:\Windows\SysWOW64\SearchIndexer.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 384
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: desktop_drop_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: desktop_multi_window_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: file_selector_windows_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: flutter_custom_cursor_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: flutter_gpu_texture_renderer_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: screen_retriever_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: texture_rgba_renderer_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: uni_links_desktop_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: url_launcher_windows_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: window_manager_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: window_size_plugin.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: flutter_windows.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: opengl32.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: glu32.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: pla.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: pdh.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: tdh.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: msvbvm60.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: vb6zz.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\more.com Section loaded: ulib.dll
Source: C:\Windows\SysWOW64\more.com Section loaded: fsutilext.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: tquery.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: mssrch.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: cryptdll.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: esent.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: shdocvw.dll
Source: C:\Windows\SysWOW64\more.com Section loaded: ulib.dll Jump to behavior
Source: C:\Windows\SysWOW64\more.com Section loaded: fsutilext.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: tquery.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: mssrch.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: esent.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: shdocvw.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: desktop_drop_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: desktop_multi_window_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: file_selector_windows_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_custom_cursor_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_gpu_texture_renderer_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: screen_retriever_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: texture_rgba_renderer_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: uni_links_desktop_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: url_launcher_windows_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: window_manager_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: window_size_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_windows.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: url_launcher_windows_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: window_size_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: texture_rgba_renderer_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_windows.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_windows.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: opengl32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: glu32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: pla.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: tdh.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wevtapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: shdocvw.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\more.com Section loaded: ulib.dll Jump to behavior
Source: C:\Windows\SysWOW64\more.com Section loaded: fsutilext.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: desktop_drop_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: desktop_multi_window_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: file_selector_windows_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_custom_cursor_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_gpu_texture_renderer_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: screen_retriever_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: texture_rgba_renderer_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: uni_links_desktop_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: url_launcher_windows_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: window_manager_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: window_size_plugin.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_windows.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: flutter_windows.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: opengl32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: d3d9.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: glu32.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: pla.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: tdh.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: wevtapi.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: shdocvw.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\Setup.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\SysWOW64\more.com Section loaded: ulib.dll Jump to behavior
Source: C:\Windows\SysWOW64\more.com Section loaded: fsutilext.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: tquery.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: mssrch.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: tquery.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: esent.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: shdocvw.dll Jump to behavior
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: tquery.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: mssrch.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: cryptdll.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: cryptdll.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: esent.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\SearchIndexer.exe Section loaded: shdocvw.dll
Source: Window Recorder Window detected: More than 3 window changes detected
Source: !!SetUp_2244_PassW0rds$.zip Static file information: File size 27132933 > 1048576
Source: Binary string: C:\b\s\w\ir\cache\builder\src\out\host_release\flutter_windows.dll.pdb source: Setup.exe, 0000000C.00000002.1435656829.00007FFF27318000.00000002.00000001.01000000.00000011.sdmp, flutter_windows.dll.12.dr
Source: Binary string: ntdll.pdb source: Setup.exe, 0000000C.00000002.1424868142.000001DD41EB0000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000C.00000002.1424214442.000001DD41ABC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: more.com, 0000000E.00000002.1574162025.0000000004322000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1576088788.0000000004680000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ntdll.pdbUGP source: Setup.exe, 0000000C.00000002.1424868142.000001DD41EB0000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000C.00000002.1424214442.000001DD41ABC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: more.com, 0000000E.00000002.1574162025.0000000004322000.00000004.00000020.00020000.00000000.sdmp, more.com, 0000000E.00000002.1576088788.0000000004680000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: gpapi.pdb source: more.com, 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, SearchIndexer.exe, 00000010.00000002.1623238842.000000000097F000.00000008.00000001.01000000.00000000.sdmp, ohj.18.dr, dqgis.30.dr, vtesbhvscpflt.35.dr, fpmss.14.dr
Source: Binary string: gpapi.pdbUGP source: more.com, 0000000E.00000002.1577787068.0000000004C30000.00000004.00001000.00020000.00000000.sdmp, SearchIndexer.exe, 00000010.00000002.1623238842.000000000097F000.00000008.00000001.01000000.00000000.sdmp, ohj.18.dr, dqgis.30.dr, vtesbhvscpflt.35.dr, fpmss.14.dr
Source: dqgis.30.dr Static PE information: real checksum: 0x0 should be: 0x5f96c
Source: fpmss.14.dr Static PE information: real checksum: 0x0 should be: 0x5f96c
Source: flutter_gpu_texture_renderer_plugin.dll.12.dr Static PE information: real checksum: 0x56a83 should be: 0x5f1f7
Source: vtesbhvscpflt.35.dr Static PE information: real checksum: 0x0 should be: 0x5f96c
Source: ohj.18.dr Static PE information: real checksum: 0x0 should be: 0x5f96c
Source: flutter_windows.dll.12.dr Static PE information: section name: _RDATA
Source: fpmss.14.dr Static PE information: section name: wcstg
Source: ohj.18.dr Static PE information: section name: wcstg
Source: dqgis.30.dr Static PE information: section name: wcstg
Source: vtesbhvscpflt.35.dr Static PE information: section name: wcstg
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_0000001A54AFCE42 push ecx; retf 12_2_0000001A54AFCE49
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_0000001A54AFD002 push ecx; retf 12_2_0000001A54AFD009
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_0000001A54AFA47F push ecx; retf 12_2_0000001A54AFA489
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_0000001A54AFAA8F push ecx; retf 12_2_0000001A54AFAA99
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_0000001A54AFAB0F push ecx; retf 12_2_0000001A54AFAB19
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_0000001A54AFE020 pushad ; retf 12_2_0000001A54AFE021
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_0000001A54AFA8F2 push ecx; retf 12_2_0000001A54AFA8F9
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD3F3D7772 push esi; iretd 12_2_000001DD3F3D7773
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD3F3CDC70 pushad ; retf 12_2_000001DD3F3CDC71
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD3F3D19E3 push eax; iretd 12_2_000001DD3F3D1A31
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD3F3D510B push eax; ret 12_2_000001DD3F3D512A
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD41755F5C pushfd ; retf 12_2_000001DD41755F5D
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD41756023 push esi; ret 12_2_000001DD41756025
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD4199D131 push 3B0CC483h; ret 12_2_000001DD4199D136
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD419ACABF push eax; ret 12_2_000001DD419ACAED
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_00000089612FE410 pushad ; retf 17_2_00000089612FE411
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_00000089612FB920 push ecx; retf 17_2_00000089612FB929
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_00000089612FA86F push ecx; retf 17_2_00000089612FA879
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_00000089612FD3EF push ecx; retf 17_2_00000089612FD3F9
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_000001FBD76205C0 push eax; ret 17_2_000001FBD76205C1
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_000001FBD9A47473 push esi; ret 17_2_000001FBD9A47475
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_000001FBD9A473AC pushfd ; retf 17_2_000001FBD9A473AD
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_0000000A9C1AD31F push ecx; retf 29_2_0000000A9C1AD329
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_0000000A9C1ABA0F push FFFFFFEAh; retf 29_2_0000000A9C1ABA3B
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_0000000A9C1ABA3C push FFFFFFEAh; retf 29_2_0000000A9C1ABA53
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_0000000A9C1AE340 pushad ; retf 29_2_0000000A9C1AE341
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_0000000A9C1AB84F push ecx; retf 29_2_0000000A9C1AB859
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_0000000A9C1ABA70 push FFFFFFEAh; retf 29_2_0000000A9C1ABA93
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_000001B2C99EC189 push eax; retf 29_2_000001B2C99EC2E1
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_000001B2C99ECB9A push eax; retf 29_2_000001B2C99ECBD9
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_000001B2C99ECF1A push eax; retf 29_2_000001B2C99ECF59
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\window_manager_plugin.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\desktop_multi_window_plugin.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\flutter_windows.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\url_launcher_windows_plugin.dll Jump to dropped file
Source: C:\Windows\SysWOW64\more.com File created: C:\Users\user\AppData\Local\Temp\ohj Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\desktop_drop_plugin.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\flutter_custom_cursor_plugin.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\uni_links_desktop_plugin.dll Jump to dropped file
Source: C:\Windows\SysWOW64\more.com File created: C:\Users\user\AppData\Local\Temp\dqgis Jump to dropped file
Source: C:\Windows\SysWOW64\more.com File created: C:\Users\user\AppData\Local\Temp\vtesbhvscpflt Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\file_selector_windows_plugin.dll Jump to dropped file
Source: C:\Windows\SysWOW64\more.com File created: C:\Users\user\AppData\Local\Temp\fpmss Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\flutter_gpu_texture_renderer_plugin.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\texture_rgba_renderer_plugin.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\screen_retriever_plugin.dll Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe File created: C:\Users\user\AppData\Roaming\Pluginsig\window_size_plugin.dll Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\more.com Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\FPMSS
Source: C:\Windows\SysWOW64\more.com Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\OHJ
Source: C:\Windows\SysWOW64\more.com Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\DQGIS
Source: C:\Windows\SysWOW64\more.com Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\VTESBHVSCPFLT
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\more.com API/Special instruction interceptor: Address: 6C933B54
Source: C:\Windows\SysWOW64\SearchIndexer.exe API/Special instruction interceptor: Address: B3DC57
Source: C:\Windows\SysWOW64\more.com API/Special instruction interceptor: Address: 6CC23B54
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD3F3D2750 sldt word ptr [eax] 12_2_000001DD3F3D2750
Source: C:\Windows\SysWOW64\more.com Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\ohj
Source: C:\Windows\SysWOW64\more.com Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dqgis
Source: C:\Windows\SysWOW64\more.com Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\vtesbhvscpflt
Source: C:\Windows\SysWOW64\more.com Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\fpmss
Source: flutter_windows.dll.12.dr Binary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (!isMesa && IsMaliT8xxOrOlder(functions)) || (!isMesa && IsMaliG31OrOlder(functions))
Source: flutter_windows.dll.12.dr Binary or memory string: VMware
Source: Amcache.hve.42.dr Binary or memory string: VMware Virtual USB Mouse
Source: more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/0
Source: Amcache.hve.42.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.42.dr Binary or memory string: VMware, Inc.
Source: more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.1!0
Source: Amcache.hve.42.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.42.dr Binary or memory string: VMware-42 27 c8 0c e4 52 1d cc-a0 8f d3 a4 82 3e 8f 04
Source: Amcache.hve.42.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.42.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.42.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: http://www.vmware.com/0/
Source: Amcache.hve.42.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.1
Source: more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.0
Source: Amcache.hve.42.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.42.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.42.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: flutter_windows.dll.12.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: Amcache.hve.42.dr Binary or memory string: vmci.sys
Source: more.com, 0000000E.00000002.1572211498.0000000000A67000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: noreply@vmware.com0
Source: Amcache.hve.42.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.42.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.42.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.42.dr Binary or memory string: VMware20,1
Source: Amcache.hve.42.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.42.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.42.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: flutter_windows.dll.12.dr Binary or memory string: IIBroadcomGoogleMesaMicrosoftSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest
Source: Amcache.hve.42.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.42.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.42.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.42.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.42.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.42.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.42.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.42.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\SearchIndexer.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD419779C4 mov eax, dword ptr fs:[00000030h] 12_2_000001DD419779C4
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD41977ABE mov eax, dword ptr fs:[00000030h] 12_2_000001DD41977ABE
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 12_2_000001DD4198749F mov eax, dword ptr fs:[00000030h] 12_2_000001DD4198749F
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_000001FBD9C6AABE mov eax, dword ptr fs:[00000030h] 17_2_000001FBD9C6AABE
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Code function: 17_2_000001FBD9C6A9C4 mov eax, dword ptr fs:[00000030h] 17_2_000001FBD9C6A9C4
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_000001B2CBF859C4 mov eax, dword ptr fs:[00000030h] 29_2_000001B2CBF859C4
Source: C:\Users\user\Desktop\Setup.exe Code function: 29_2_000001B2CBF85ABE mov eax, dword ptr fs:[00000030h] 29_2_000001B2CBF85ABE
Source: C:\Users\user\Desktop\Setup.exe Code function: 34_2_0000013D42922ABE mov eax, dword ptr fs:[00000030h] 34_2_0000013D42922ABE
Source: C:\Users\user\Desktop\Setup.exe Code function: 34_2_0000013D429229C4 mov eax, dword ptr fs:[00000030h] 34_2_0000013D429229C4

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Setup.exe NtClose: Direct from: 0x13D4061EF40
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtQuerySystemInformation: Direct from: 0x1DD4174B310
Source: C:\Users\user\Desktop\Setup.exe NtAllocateVirtualMemory: Direct from: 0x7FFF295E8E14
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtQuerySystemInformation: Direct from: 0x1DD00000000
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtAllocateVirtualMemory: Direct from: 0x7FFF26319635
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtCreateNamedPipeFile: Direct from: 0x7FFF26262E70
Source: C:\Users\user\Desktop\Setup.exe NtReadFile: Direct from: 0x110
Source: C:\Users\user\Desktop\Setup.exe NtCreateNamedPipeFile: Direct from: 0x7FFF295D2E70
Source: C:\Users\user\Desktop\Setup.exe NtAllocateVirtualMemory: Direct from: 0x7FFF29B79635
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtAllocateVirtualMemory: Direct from: 0x7FFF26278E14
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtCreateFile: Direct from: 0x7FFF263197E6
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtClose: Direct from: 0x7FFF2631982C
Source: C:\Users\user\Desktop\Setup.exe NtQuerySystemInformation: Direct from: 0x1B2C9980000
Source: C:\Users\user\Desktop\Setup.exe NtProtectVirtualMemory: Direct from: 0x7FFF295E94F5
Source: C:\Users\user\Desktop\Setup.exe NtQueryAttributesFile: Direct from: 0x1B2CBD762FC
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtQuerySystemInformation: Direct from: 0x1FB00000000
Source: C:\Users\user\Desktop\Setup.exe NtAllocateVirtualMemory: Direct from: 0xA0A76ACB
Source: C:\Users\user\Desktop\Setup.exe NtQueryAttributesFile: Direct from: 0x13D4063949C
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtCreateNamedPipeFile: Direct from: 0x7FFF26302E70
Source: C:\Users\user\Desktop\Setup.exe NtClose: Direct from: 0x2
Source: C:\Users\user\Desktop\Setup.exe NtProtectVirtualMemory: Direct from: 0x3
Source: C:\Users\user\Desktop\Setup.exe NtProtectVirtualMemory: Direct from: 0x7FFF4F2826A1
Source: C:\Users\user\Desktop\Setup.exe NtQuerySystemInformation: Direct from: 0x1B200000000
Source: C:\Users\user\Desktop\Setup.exe NtProtectVirtualMemory: Direct from: 0xA9C1ADFE0
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtProtectVirtualMemory: Direct from: 0x7FFF2631973A
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtProtectVirtualMemory: Direct from: 0x7FFF263194F5
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtClose: Direct from: 0x1FBD9A42320
Source: C:\Users\user\Desktop\Setup.exe NtAllocateVirtualMemory: Direct from: 0x13D404B0900
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtAllocateVirtualMemory: Direct from: 0x7FFF26279635
Source: C:\Users\user\Desktop\Setup.exe NtProtectVirtualMemory: Direct from: 0x9F26FDF80
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtAllocateVirtualMemory: Direct from: 0x1FBD9A3C010
Source: C:\Users\user\Desktop\Setup.exe NtProtectVirtualMemory: Direct from: 0x7FFF29B794F5
Source: C:\Users\user\Desktop\Setup.exe NtQuerySystemInformation: Direct from: 0x7FFF40CB21D3
Source: C:\Users\user\Desktop\Setup.exe NtQuerySystemInformation: Direct from: 0x6C
Source: C:\Users\user\Desktop\Setup.exe NtCreateFile: Direct from: 0xADCD
Source: C:\Users\user\Desktop\Setup.exe NtClose: Direct from: 0x1B2CBD5D2E0
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtClose: Direct from: 0x7FFF26304F3A
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtAllocateVirtualMemory: Direct from: 0x7FFF26318E14
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtProtectVirtualMemory: Direct from: 0x89612FE0B0
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtQueryAttributesFile: Direct from: 0x1DD3F3CAF06
Source: C:\Users\user\Desktop\Setup.exe NtAllocateVirtualMemory: Direct from: 0x7FFF29B78E14
Source: C:\Users\user\Desktop\Setup.exe NtQuerySystemInformation: Direct from: 0x13D40320000
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtClose: Direct from: 0x1DD41750ED0
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtWriteFile: Direct from: 0x7FFF26319822
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtAllocateVirtualMemory: Direct from: 0x1DD4174A250
Source: C:\Users\user\Desktop\Setup.exe NtAllocateVirtualMemory: Direct from: 0x7FFF295E9635
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtProtectVirtualMemory: Direct from: 0x1A54AFDCC0
Source: C:\Users\user\Desktop\Setup.exe NtProtectVirtualMemory: Direct from: 0x6C006C
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtQueryVolumeInformationFile: Direct from: 0x7FFF26304FA5
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtQueryAttributesFile: Direct from: 0x1FBD9A5AB16
Source: C:\Users\user\Desktop\Setup.exe NtCreateNamedPipeFile: Direct from: 0x7FFF29B62E70
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe NtProtectVirtualMemory: Direct from: 0x7FFF262794F5
Source: C:\Users\user\Desktop\Setup.exe NtQuerySystemInformation: Direct from: 0x13D00000000
Source: C:\Users\user\Desktop\Setup.exe NtAllocateVirtualMemory: Direct from: 0x1B2C99FF1D0
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Section loaded: NULL target: C:\Windows\SysWOW64\more.com protection: read write
Source: C:\Windows\SysWOW64\more.com Section loaded: NULL target: C:\Windows\SysWOW64\SearchIndexer.exe protection: read write
Source: C:\Users\user\Desktop\Setup.exe Section loaded: NULL target: C:\Windows\SysWOW64\more.com protection: read write
Source: C:\Windows\SysWOW64\more.com Memory written: C:\Windows\SysWOW64\SearchIndexer.exe base: B3B300
Source: C:\Windows\SysWOW64\more.com Memory written: C:\Windows\SysWOW64\SearchIndexer.exe base: 930000
Source: C:\Windows\SysWOW64\more.com Memory written: C:\Windows\SysWOW64\SearchIndexer.exe base: 270000
Source: C:\Windows\SysWOW64\more.com Memory written: C:\Windows\SysWOW64\SearchIndexer.exe base: A00000
Source: C:\Windows\SysWOW64\more.com Memory written: C:\Windows\SysWOW64\SearchIndexer.exe base: 6B0000
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Process created: C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe C:\Users\user\AppData\Roaming\Pluginsig\OZXLODVVKP\StrCmp.exe
Source: C:\Users\user\AppData\Local\Temp\Temp1_!!SetUp_2244_PassW0rds$.zip\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
Source: C:\Windows\SysWOW64\more.com Process created: C:\Windows\SysWOW64\SearchIndexer.exe C:\Windows\SysWOW64\SearchIndexer.exe
Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Windows\SysWOW64\more.com C:\Windows\SysWOW64\more.com
Source: Amcache.hve.42.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.42.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.42.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.42.dr Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
No contacted IP infos