Edit tour

Windows Analysis Report
https://www.neat-reader.com/download/start-download?target=windows

Overview

General Information

Sample URL:	https://www.neat-reader.com/download/start-download?target=windows
Analysis ID:	1521513
Infos:

Detection

Score:	8
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Detected potential crypto function

Drops PE files

Enables security privileges

Found dropped PE file which has not been started or loaded

Installs a raw input device (often for capturing keystrokes)

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

PE file overlay found

Stores files to the Windows start menu directory

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2584 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6852 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3640 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.neat-reader.com/download/start-download?target=windows" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://play.google.com/store/apps/details?id=com.gzhi.neatreader.r2.main MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2012,i,1756451637922991175,14183001203310220918,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

NeatReader Setup 8.1.4.exe (PID: 1972 cmdline: "C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe" MD5: DEF17C832C3E8169A69D3E854193F59B)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6F7CE9 CryptUnprotectData,		12_2_6F6F7CE9
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6F7DA3 _wcsicmp,??2@YAPAXI@Z,CryptProtectData,		12_2_6F6F7DA3

Source: https://www.neat-reader.com/download/start-download?target=windows	HTTP Parser: No favicon
Source: https://www.neat-reader.com/download/start-download?target=windows	HTTP Parser: No favicon
Source: https://www.neat-reader.com/download/start-download?target=windows	HTTP Parser: No favicon
Source: https://www.neat-reader.com/download/android-epub-reader	HTTP Parser: No favicon
Source: https://www.neat-reader.com/	HTTP Parser: No favicon
Source: https://www.neat-reader.com/	HTTP Parser: No favicon
Source: https://play.google.com/store/apps/details?id=com.mobile.legends&pcampaignid=merch_published_cluster_promotion_battlestar_top_picks	HTTP Parser: No favicon
Source: https://www.neat-reader.com/auto-activity?guid=83f4c120-7dc1-4372-b266-ca17c2470b3f	HTTP Parser: No favicon

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

File created: C:\Program Files (x86)\NeatReader\LICENSE.electron.txt

Jump to behavior

Source:	Binary string: ffmpeg.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2911017758.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libEGL.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2911017758.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: vulkan-1.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2960405089.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2960137150.0000000005220000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964010022.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965437167.0000000007505000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb0 source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965437167.0000000007505000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libGLESv2.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libGLESv2.dll.pdbp" source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: vulkan-1.dll.pdb@ source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2960405089.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2960137150.0000000005220000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964010022.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: vk_swiftshader.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964010022.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: M.pdB source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E45000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	12_2_004059CC
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_004065FD FindFirstFileW,FindClose,	12_2_004065FD
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_00402868 FindFirstFileW,	12_2_00402868

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs\darwin	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list	Jump to behavior

Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: * Google Hangouts Video: http://www.youtube.com/watch?v=I9nDOSGfwZg equals www.youtube.com (Youtube)
Source: chromecache_534.2.dr	String found in binary or memory: L.getElementsByTagName("iframe"),la=S.length,na=0;na<la;na++)if(!u&&c(S[na],H.Ge)){hJ("https://www.youtube.com/iframe_api");u=!0;break}})}}else F(v.vtp_gtmOnSuccess)}var q=["www.youtube.com","www.youtube-nocookie.com"],r={UNSTARTED:-1,ENDED:0,PLAYING:1,PAUSED:2,BUFFERING:3,CUED:5},t,u=!1;Z.__ytl=n;Z.__ytl.o="ytl";Z.__ytl.isVendorTemplate=!0;Z.__ytl.priorityOverride=0;Z.__ytl.isInfrastructure=!1; equals www.youtube.com (Youtube)
Source: chromecache_534.2.dr	String found in binary or memory: Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Yj:function(){e=zb()},nd:function(){d()}}};var gc=ja(["data-gtm-yt-inspected-"]),FC=["www.youtube.com","www.youtube-nocookie.com"],GC,HC=!1; equals www.youtube.com (Youtube)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: V8.MemoryHeapUsedV8.MemoryHeapCommitted.gmail.docs.plus.inboxcalendar.google.com.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comqq.comtwitter.comtaobao.comlive.comwikipedia equals www.youtube.com (Youtube)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1085
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1452expand_integer_pow_expressionsThe
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1512
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1637
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1936
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2046
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2152skip_vs_constant_register_zeroIn
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2273
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2514
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2727
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2978
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3016
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3027
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3045
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3153
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3243
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3246allow_clear_for_robust_resource_initSome
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3529
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3682GL_USES_FRAG_COLORGL_USES_FRAG_DATA_SECONDARY_COLORGL_USES_SECONDARGL_USES_F
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3729
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3859
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3997
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4214
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4267
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4339
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4646
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/482
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4995
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007disable_anisotropic_filteringDisable
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5469
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750ANGLE_DEFAULT_PLATFORMvulkanvulkan-nullswiftshadergld3d11GPU.ANGLE.DisplayIn
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://blog.izs.me/)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1094869
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/110263
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1144207
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1165751
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1165751Disable
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/1171371
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/308366
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/403957
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/565179
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642227
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/642605
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/644669
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/650547
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/672380
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/709351
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/772651
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/797243
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/809422
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/830046
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/849576
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/883276
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/927470
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://crbug.com/941620allow_translate_uniform_block_to_structured_bufferThere
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://creativecommons.org/publicdomain/zero/1.0/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://debuggable.com/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-ecmascript-function-objects-call-thisargument-argume
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-patterns).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-samevaluezero)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-tolength).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ejohn.org/blog/javascript-micro-templating/)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965437167.0000000007300000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://feross.org
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/00e8f7a1b7603aabdb7fb3567f485cb1c2076702)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/0251b38a8405471892c5eeaba7c8d54bd7028214)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/04e07fdc620841068f12b8edf36f27e6592a0a18)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/12960c437cc25c53e682cfe5bff06d74a5bb1eb9)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/130e363856747b487652f04b5550056d7778e43a)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/132c9ee63f92a586a120ed3bd6b7ef023badb8bb)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/2180839eda2cb16edcfda46ccfe24711680af850)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/219bf22237b11bc375e2e110b93db512f1acfdd4)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/23f7f545abfe1fb6499cd61cc8ff41fd86cef4a0)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/287e589ac773d3738b2aa7d40e0b6d43dde5261b)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/2c86b10feafd868ebd071dda3a222e6f51972b5d)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/2d1c5981869e0fe6f5bc71b5c5582accfd125cc6)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/2ee32f50b88b383317e33cc0a4bfaa5f2eadead7)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/2f2078bf998bd3f44289ebd17eeccf5e12e4c134)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/325792aee92de0ba6fea306657933fc63dc00474)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/3b23865340cfba075f61f7dba0ea31fcc27260ec)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/422e539e8989e65ba43ecc39ddbaa3c4f755d465)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/48993ade9b0831fbce28d94b3b0963a4b0dccbdd)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/49642428342e5f291eb9d690802e83ed830623b5)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/4dc56f6d04e8f5fe12ba53a8a776653b3d7b60ed)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/4f968298f97394e488297ec32c8e927a3a322076)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/52a673703a87a93c0f6a8552e6bd73caba66d2eb)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/54e8fab3e3d907bbb264caf3e28a24773d0d6fdb)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/5560f729124f022ffed00085aafea43dded7fb03)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/5810f279a4caeda115f39e429c9671795613abf8)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/5afff89eca0efe7081309dc2d123309e825df221)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/62f29eb0c4dee01170a5511615e5bcc9faca26ca)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/71aaa29591d6681f8579486f18d32ba1ee651a5b)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/72f325b78edd0dc2aac940a76ce5f644005ce4c3)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/75233d974a30af6e3b8ab38a73e5ede67172fc1c)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/7e46c2058cb5994809eab5f4dbb12f21e937c72b)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/817b49830571b45a8aec6b1fc1525434f5798c58)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/88b92b43153f21609aee71d47abcd4dc27a6586d)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/8be5626bbb54e6c899a1b71d22411709126d9fea)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/9146024e1094e8bb871ab15d1b7fc556a710732f)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/99051992a9f45eb0dd79e062681d6f5d366deb41)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/9be858312553002841725b617050aaff3c48951d)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/9c5c58b18363494976185e7ddc790ac63de840ed)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/a007198fa23c19902b1f3ffb81498629e0e9c875)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/a245d18a131341feec4f87659746954e78cae780)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/acb388bc0546b48fca11dce8aa7a595af2cda5e2)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/ad91ce2346cb34e5d5a49d07dd952d15f6c832a3)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/b15115b2cbfffe15827cd5e4368267d417b72f08)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/b25e79dfb599777a38157bd419395bd28369ee86)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/b7bfa7113b8d1af49a57ab767f24a599ed92044f)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/b7fc526ea49894f366153bd32997e02568c0b8a6)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/b968688afe2c727ae141f50aa983d481dbc1dbbf)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/b9e35469d3bbd0a1ee92e0a815ce2512904d4a18)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/bc81ca9414296234c764b7306a19ba72b2e59b52)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/be7d334778481639294cdf87f5c359a230aeb65b)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/cf70dbc6d2ba62bf1eb12b563dd5ecd27af6e2be)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/d1d65dd29d7bbaf9ea42eaa5fcb0da3fb4df98e9)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/d32623baa7a6273d47be67d587ad4ea0ecffc5de)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/d48d88ee17b780c02123e6d657274cab456e943e)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/d4bdb5ed9e2fe06ec44698b66c029f624135a0ab)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/d7f7f77689e2eaef050686be2bdf3e72881a79ac)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/d9ef60398e88f2c2f958ab2b159d38052ffe7f8a)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/ef5c43bcbcf31819e032c3b7ae7654b7f8e9358b)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/f155785e2bb42b5ddf0a8156401c6dafdf57ba8b)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/f75d4455359ecdf30eeb676e2c7f31d4cf7b42ed)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/f90e825da9d505c11b4262c50cd54553f979c300)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/fc93c05f68398f30abc46fd16ae6c673a1eee099)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/koajs/koa/commit/ff70bdc75a30a37f63fc1f7d8cbae3204df3d982)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/node-modules/ylru/commit/475abb0e9c787fd65d7c3dd3d2d74d67560b0bec)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/oozcitak/xmlbuilder-js
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/qix-
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/substack/js-traverse.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/visionmedia/expresso
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://google.com
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/173636783
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jedschmidt.com)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jongleberry.com
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jquery.org/license
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://jsperf.com/javascript-array-concat-vs-push/98
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ljharb.codes
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mathiasbynens.be/notes/javascript-encoding#surrogate-formulae
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mths.be/fromcodepoint
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://n8.io/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://paul.vorba.ch
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://peter.michaux.ca/articles/lazy-function-definition-pattern)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://requirejs.org/docs/errors.html#mismatch
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://stackoverflow.com/a/1068308/13216
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://substack.net
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://substack.net)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://underscorejs.org/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://underscorejs.org/LICENSE
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalidsms_fetcherBlink.Sms.Receive.TimeSmsReceiveBlink.Sms.Receive.TimeCancelOnSu
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://wonko.com/post/html-escaping)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.another-d-mention.ro/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2907318497.00000000069C0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-function.prototype.apply).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-regexp.prototype.tostring
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-tointeger).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.html5rocks.com/en/tutorials/developertools/sourcemaps/#toc-sourceurl)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#crossDocumentMessages
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/watch?v=I9nDOSGfwZg
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4674
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4849
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5140
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=378607
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=449857
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=470258
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/chromium/issues/detail?id=589347
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=2070)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=90
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/12359
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.jquery.com/ticket/13378
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=136851
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=137337
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=156034
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugs.webkit.org/show_bug.cgi?id=29084
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=687787
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://chromium.googlesource.com/angle/angle/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1042393
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1046462
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1091824
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/1137851
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/401439).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/593024select_view_in_geometry_shaderThe
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/650547call_clear_twiceUsing
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/655534use_system_memory_for_constant_buffersCopying
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/705865
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/710443
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/811661
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://css-tricks.com/debouncing-throttling-explained-examples/)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.chrome.com/extensions/sandboxingEval).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/CSS/display
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://developer.mozilla.org/en/DOM/window.postMessage
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/17aTgLnjMXIrfjgNaTUnHQO7m3xgzHR2VXBTmi03Qii4/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drafts.csswg.org/cssom/#common-serializing-idioms
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://drafts.csswg.org/cssom/#resolved-values
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://es5.github.io/#x13.2.2
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://es5.github.io/#x15.1.2.2)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/3rd-Eden/kuler
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/3rd-Eden/kuler.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/3rd-Eden/text-hex
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/3rd-Eden/text-hex.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Leonidas-from-XIV/node-xml2js
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Leonidas-from-XIV/node-xml2js.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/RyanZim/universalify#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/RyanZim/universalify.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/TooTallNate/util-deprecate
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/WebReflection/get-own-property-symbols/issues/4
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/YuzuJS/setImmediate#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/YuzuJS/setImmediate.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ZJONSSON/node-unzipper#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ZJONSSON/node-unzipper.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/alessioalex/tiny-each-async#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/alessioalex/tiny-each-async.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/antelle
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/antelle/node-stream-zip
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/antelle/node-stream-zip.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/antelle/node-stream-zip/blob/master/LICENSE
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/bnjmnt4n/lodash-cli.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/calvinmetcalf/process-nextick-args.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/toidentifier#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/component/toidentifier.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/crypto-utils/keygrip#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/crypto-utils/keygrip.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/cthackers/adm-zip
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/es-shims/String.prototype.trimEnd#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/es-shims/String.prototype.trimStart#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/es-shims/es5-shim
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/es-shims/es6-shim
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/es-shims/object.getownpropertydescriptors#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/eslint/eslint/issues/3229
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/eslint/eslint/issues/6125
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/expressjs/vary)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/felixge/node-stack-trace
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/feross/safe-buffer
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/golang/go/blob/master/src/archive/zip/reader.go#L503
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/gyson/koa-convert#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/gyson/koa-convert.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/hgouveia/node-downloader-helper
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/hgouveia/node-downloader-helper.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/hgouveia/node-downloader-helper/issues)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inspect-js/object-inspect
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inspect-js/which-boxed-primitive#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/inspect-js/which-boxed-primitive.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/101)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/102)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/105)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/106
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/issues/99)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/iojs/readable-stream/labels/wg-agenda
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/minimatch#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/once#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/isaacs/sax-js#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jashkenas/underscore/pull/1247
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jden/node-listenercount#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/joyent/node/pull/7878
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jprichardson/node-jsonfile#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/blob/3.2.1/AUTHORS.txt
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/jquery/pull/557)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jquery/sizzle/pull/225
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/basic-auth/issues/39
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/http-assert
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/http-errors
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/media-typer#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/media-typer.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/mime-db#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/mime-db.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/mime-types#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/mime-types.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/negotiator#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/negotiator.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/on-finished#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/on-finished.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/statuses#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/statuses.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/type-is#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/type-is.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/vary#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jshttp/vary.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/compose#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/compose.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/compose/blob/4e3e96baf58b817d71bd44a8c0d78bb42623aa95/index.js#L36
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/compose/pull/27
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/compose/pull/61
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/compose/pull/65
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/json)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/koa#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/koa.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/koa/blob/master/docs/error-handling.md
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/koa/blob/master/docs/migration.md
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/koa/pull/438).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/koa/pull/614
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/koa/pull/668
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/koajs.com/pull/38.
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/send
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/static#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/koajs/static.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ljharb/object-keys#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ljharb/object.assign#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ljharb/object.assign/issues/17
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ljharb/unbox-primitive#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ljharb/unbox-primitive.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ljharb/util.promisify#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/ljharb/util.promisify.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lodash/lodash
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lodash/lodash.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/lodash/lodash/blob/4.17.15/dist/lodash.js#L6735-L6744
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/TSC/blob/master/Moderation-Policy.md
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/b1c8f15c5f169e021f7c46eb7b219de95fe97603/lib/util.js#L201-L230
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/b3fcc245fb25539909ef1d5eaa01dbf92e168633/lib/path.js#L56
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/master/CODE_OF_CONDUCT.md
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/v4.4.7/lib/_http_server.js#L486
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3043
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3073
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/readable-stream#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/string_decoder
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/npm/wrappy.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/olado/doT).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pillarjs/parseurl#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pillarjs/parseurl.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pillarjs/resolve-path#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pillarjs/resolve-path.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pvorb/node-md5#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/qix-/node-simple-swizzle#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/qix-/node-simple-swizzle.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/path-is-absolute#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/path-is-absolute.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/time-zone#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sindresorhus/time-zone.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/sponsors/ljharb
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/substack/js-traverse#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/substack/minimist
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/substack/node-hashish).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/substack/node-mkdirp.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/suryagh/tsscmp#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/suryagh/tsscmp.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/unshiftio/one-time#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/unshiftio/one-time.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/visionmedia/node-only#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/wesleytodd/setprototypeof
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/wesleytodd/setprototypeof.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/logform#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/logform.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/triple-beam#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/triple-beam.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/winston#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/winston-transport#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/winston.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/winston/blob/2.x/lib/winston/logger.js#L198-L201
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/winston/blob/master/UPGRADE-3.0.md
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/winstonjs/winston/tree/master/UPGRADE-3.0.md
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zeit/ms#readme
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/zeit/ms.git
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://goo.gl/yabPex
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://guides.github.com/activities/contributing-to-open-source/).MIT
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/#strip-and-collapse-whitespace
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#category-listed
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/infrastructure.html#space-character
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespace
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/syntax.html#attributes-2
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.com
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.com/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jquery.org/license
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://js.foundation/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsperf.com/getall-vs-sizzle/2
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://jsperf.com/thor-indexof-vs-for/5
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/custom-builds).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/icon.svg
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://lodash.com/license
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/ambiguous-ampersands)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-unicode).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Array/reverse).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Array/slice)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Number/isFinite).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Number/isInteger).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Number/isNaN)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Number/isSafeInteger).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Object/assign).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/String/replace).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/String/split).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/Structured_clone_algorithm)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/clearTimeout).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/isNaN)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/iteration_protocols#iterator).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/rest_parameters).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/round#Examples)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/setTimeout).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/spread_operator).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/toLowerCase).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mdn.io/toUpperCase).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://monitoring.url.loader.factory.invalid
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://monitoring.url.loader.factory.invalidPermissions
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mths.be/he).
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/http.html#http_response_writableended
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/api/stream.html#stream_readable_pipe_destination_options
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://npms.io/search?q=ponyfill.
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://openjsf.org/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-48
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-54
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-57
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-59
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-61
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-64
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://promisesaplus.com/#point-75
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/cthackers/adm-zip/master/LICENSE
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://registry.npmjs.org
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sizzlejs.com/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/16254385/undocumented-response-finished-in-node-js
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#direct-individualization.
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-identifier)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-permanent-
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-a
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5148698084376576
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5669008342777856
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5709390967472128
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillFailRequestDidComm
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portalsPrerenderHost::StartPrerenderingrender_frame_hos
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google./_/chrome/plus.google.cominbox.google.comdrive.google.comServiceWorker.DiskCache.
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/speech-api/full-duplex/v1
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/speech-api/full-duplex/v1key=pair=output=pb/down?speech_recognition_downstrea
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocatemacAddresssignalStrengthsignalToNoiseRatiowifiAcc
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/a/google.com/origins.json
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/origins.json
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/origins.jsonhttps://www.gstatic.com/securitykey/a/google.com/ori
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verificati
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.npmjs.com/package/babel-polyfill)
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://xivilization.net

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Code function: 12_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

12_2_00405461

Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965437167.0000000007300000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE

memstr_1c577cd0-0

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Code function: 12_2_100010D0 GetVersionExW,LoadLibraryW,GetProcAddress,LocalAlloc,LocalAlloc,NtQuerySystemInformation,LocalFree,LocalAlloc,FreeLibrary,lstrcpynW,lstrcmpiW,LocalFree,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,lstrlenW,lstrlenA,MultiByteToWideChar,lstrcmpiW,CloseHandle,FreeLibrary,

12_2_100010D0

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Code function: 12_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

12_2_0040338F

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_00406B15	12_2_00406B15
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_004072EC	12_2_004072EC
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_00404C9E	12_2_00404C9E
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6F8162	12_2_6F6F8162
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6F8561	12_2_6F6F8561
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6F8F7D	12_2_6F6F8F7D
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6F927A	12_2_6F6F927A
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6F1378	12_2_6F6F1378
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6FA83A	12_2_6F6FA83A
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6F840D	12_2_6F6F840D
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6FAF1C	12_2_6F6FAF1C
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F6FABA9	12_2_6F6FABA9
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_6F901B5F	12_2_6F901B5F

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Process token adjusted: Security

Jump to behavior

Source: 5f76730b-09b4-44db-ab17-a9dd86f74506.tmp.0.dr	Static PE information: No import functions for PE file found
Source: 684586ff-cd85-441d-9787-5fb9ae2d80f4.tmp.0.dr	Static PE information: No import functions for PE file found

Source: 5f76730b-09b4-44db-ab17-a9dd86f74506.tmp.0.dr	Static PE information: Data appended to the last section found
Source: 684586ff-cd85-441d-9787-5fb9ae2d80f4.tmp.0.dr	Static PE information: Data appended to the last section found

Source: 5f76730b-09b4-44db-ab17-a9dd86f74506.tmp.0.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: clean8.win@33/646@0/35

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

12_2_0040338F

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Code function: 12_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

12_2_00404722

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Code function: 12_2_6F902AAC CreateToolhelp32Snapshot,

12_2_6F902AAC

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Code function: 12_2_00402104 CoCreateInstance,

12_2_00402104

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

File created: C:\Program Files (x86)\NeatReader

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Mutant created: \Sessions\1\BaseNamedObjects\bbff271c-caf8-5302-b3c6-6d9ee38f27e3

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

File created: C:\Users\user\AppData\Local\Temp\nsj2B13.tmp

Jump to behavior

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965437167.0000000007505000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.neat-reader.com/download/start-download?target=windows"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://play.google.com/store/apps/details?id=com.gzhi.neatreader.r2.main
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2012,i,1756451637922991175,14183001203310220918,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6852 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe "C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6852 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2012,i,1756451637922991175,14183001203310220918,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:	Binary string: ffmpeg.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2911017758.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libEGL.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2911017758.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: vulkan-1.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2960405089.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2960137150.0000000005220000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964010022.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965437167.0000000007505000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb0 source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965437167.0000000007505000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libGLESv2.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: libGLESv2.dll.pdbp" source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: vulkan-1.dll.pdb@ source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2960405089.0000000005AD0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2960137150.0000000005220000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964010022.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: vk_swiftshader.dll.pdb source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964010022.00000000065C0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: M.pdB source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E45000.00000004.00001000.00020000.00000000.sdmp

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

12_2_100010D0

Source: 5f76730b-09b4-44db-ab17-a9dd86f74506.tmp.0.dr	Static PE information: real checksum: 0x3b9af84 should be: 0xbe92
Source: libEGL.dll.12.dr	Static PE information: real checksum: 0x0 should be: 0x66588
Source: libGLESv2.dll.12.dr	Static PE information: real checksum: 0x0 should be: 0x2c0e87
Source: SpiderBanner.dll.12.dr	Static PE information: real checksum: 0x0 should be: 0x11dab
Source: libEGL.dll0.12.dr	Static PE information: real checksum: 0x0 should be: 0x604a4
Source: vk_swiftshader.dll.12.dr	Static PE information: real checksum: 0x0 should be: 0x3e92d0
Source: ffmpeg.dll.12.dr	Static PE information: real checksum: 0x0 should be: 0x27fa83
Source: nsis7z.dll.12.dr	Static PE information: real checksum: 0x0 should be: 0x7611e
Source: libGLESv2.dll0.12.dr	Static PE information: real checksum: 0x0 should be: 0x69cc7a
Source: vulkan-1.dll.12.dr	Static PE information: real checksum: 0x0 should be: 0xa72ef
Source: 684586ff-cd85-441d-9787-5fb9ae2d80f4.tmp.0.dr	Static PE information: real checksum: 0x3b9af84 should be: 0x3e57
Source: System.dll.12.dr	Static PE information: real checksum: 0x0 should be: 0xe5c7

Source: libEGL.dll.12.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.12.dr	Static PE information: section name: .voltbl
Source: libGLESv2.dll.12.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.12.dr	Static PE information: section name: .voltbl
Source: vk_swiftshader.dll.12.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.12.dr	Static PE information: section name: .voltbl
Source: vulkan-1.dll.12.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.12.dr	Static PE information: section name: .voltbl
Source: ffmpeg.dll.12.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.12.dr	Static PE information: section name: .voltbl
Source: libEGL.dll0.12.dr	Static PE information: section name: .00cfg
Source: libEGL.dll0.12.dr	Static PE information: section name: .voltbl
Source: libGLESv2.dll0.12.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll0.12.dr	Static PE information: section name: .voltbl
Source: NeatReader.exe.12.dr	Static PE information: section name: .00cfg
Source: NeatReader.exe.12.dr	Static PE information: section name: .rodata
Source: NeatReader.exe.12.dr	Static PE information: section name: .voltbl
Source: NeatReader.exe.12.dr	Static PE information: section name: CPADinfo

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Code function: 12_2_6F7038E0 push eax; ret

12_2_6F70390E

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\5f76730b-09b4-44db-ab17-a9dd86f74506.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe (copy)	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 708013.crdownload	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\NeatReader.exe	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\vulkan-1.dll	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 299717.crdownload	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\resources\elevate.exe	Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\684586ff-cd85-441d-9787-5fb9ae2d80f4.tmp	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Program Files (x86)\NeatReader\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File created: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\SpiderBanner.dll	Jump to dropped file

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

File created: C:\Program Files (x86)\NeatReader\LICENSE.electron.txt

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\NeatReader.exe	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\resources\elevate.exe	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Program Files (x86)\NeatReader\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\SpiderBanner.dll	Jump to dropped file

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	12_2_004059CC
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_004065FD FindFirstFileW,FindClose,	12_2_004065FD
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	Code function: 12_2_00402868 FindFirstFileW,	12_2_00402868

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs\darwin	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules	Jump to behavior
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	File opened: C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list	Jump to behavior

Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.0000000006BC7000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware Virtual Webcam
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2911017758.00000000065C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tgav
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.0000000006BC7000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: eb1a:2860eb1a:28201ce6:282012ab:03801943:22530c45:64d00c45:64d21bcf:298504ca:704704ca:704804f2:b3ed04f2:b3ca05c8:035d05c8:036904ca:709513d3:52570bda:57f2VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCamWebcamMax../../media/capture/video/video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.0000000006BC7000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMnet
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Adreno (TM) 418Adreno (TM) 530Adreno (TM) 540GL_EXT_texture_lod_biasARB_draw_buffersGL_ARB_texture_swizzleGL_EXT_texture_swizzleGL_ARB_pixel_buffer_objectGL_EXT_pixel_buffer_objectGL_EXT_draw_buffers2GL_ARB_fragment_shaderGL_NV_texture_border_clampGL_ARB_robust_buffer_access_behaviorGL_EXT_framebuffer_sRGBGL_ARB_framebuffer_sRGBfunctions->standard == STANDARD_GL_DESKTOP && isAMDfunctions->standard == STANDARD_GL_DESKTOP && isIntelisIntel && !IsSandyBridge(device) && !IsIvyBridge(device) && !IsHaswell(device)IsApple() && isIntelisIntel && IsApple() && IsSkylake(device) && GetMacOSVersion() < OSVersion(10, 13, 2)functions->standard == STANDARD_GL_DESKTOP && (isIntel \|\| isAMD)IsLinux() && functions->standard == STANDARD_GL_DESKTOP && isAMD(IsApple() && functions->standard == STANDARD_GL_DESKTOP) \|\| (IsLinux() && isAMD)IsApple() && functions->standard == STANDARD_GL_DESKTOP && GetMacOSVersion() < OSVersion(10, 11, 0)IsApple() && isIntel && GetMacOSVersion() < OSVersion(10, 12, 0)IsApple() && isAMDIsAndroid() && isQualcommfunctions->standard == STANDARD_GL_DESKTOP && isNvidiaIsApple() \|\| isNvidiafunctions->isAtMostGL(gl::Version(4, 1)) \|\| (functions->standard == STANDARD_GL_DESKTOP && isAMD)isAMD \|\| IsAndroid()IsAndroid() \|\| isNvidia(IsAndroid() && isQualcomm) \|\| (isIntel && IsApple())isAMD \|\| isIntelIsNexus5X(vendor, device)IsAndroid() \|\| (IsWindows() && isIntel)(IsWindows() && (isIntel \|\| isAMD)) \|\| (IsLinux() && isNvidia) \|\| IsIOS() \|\| IsAndroidEmulator(functions)IsAndroid() \|\| limitMaxTextureSizeIsAndroid() \|\| (IsApple() && (isIntel \|\| isAMD \|\| isNvidia))limitMaxTextureSizeIsApple()IsAndroid() \|\| isAMD \|\| !functions->hasExtension("GL_KHR_robust_buffer_access_behavior")IsApple() && isIntel && GetMacOSVersion() >= OSVersion(10, 12, 4)IsApple() && isIntel && GetMacOSVersion() < OSVersion(10, 12, 6)IsLinux() \|\| (IsAndroid() && isNvidia) \|\| (IsWindows() && isNvidia) \|\| (IsApple() && functions->standard == STANDARD_GL_ES)IsApple() \|\| (IsLinux() && isAMD)IsApple() \|\| (IsWindows() && isAMD)functions->standard == STANDARD_GL_DESKTOP && functions->isAtLeastGL(gl::Version(3, 1)) && !functions->isAtLeastGL(gl::Version(4, 3))features->emulatePrimitiveRestartFixedIndex.enabled && IsApple() && isIntelIsApple() \|\| IsAndroid() \|\| IsWindows()functions->standard == STANDARD_GL_ES && functions->isAtLeastGLES(gl::Version(3, 1)) && functions->hasGLESExtension("GL_EXT_texture_norm16")IsWindows() && isAMDIsLinux() && isAMD && isMesa && mesaVersion < (std::array<int, 3>{19, 3, 5})(IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))IsApple() && functions->standard == STANDARD_GL_ES && !(isAMD && IsWindows())isDualGPUMacWithNVIDIAisTSANBuild && IsLinux() && isNvidiaIsApple() && (isAMD \|\| isIntel \|\| isNvidia)IsLinux() && IsWayland()!CanMapBufferForRead(functions)IsApple() && hasAMDIsAdreno42xOr3xx(func
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: (IsLinux() && isVMWare) \|\| (IsAndroid() && isNvidia) \|\| (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliT8xxOrOlder(functions)) \|\| (IsAndroid() && IsMaliG31OrOlder(functions))
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.0000000006BC7000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: num_failuresrelease_after_msThrottling.RequestThrottled%08x: %02x ../../net/base/network_interfaces_win.ccWlanApiwlanapi.dllWlanQueryInterfaceWlanSetInterfaceVMnetGetAdaptersAddresses failed:
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2965089648.0000000006DC0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2911017758.00000000065C0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	API call chain: ExitProcess graph end node			graph_12-8833
Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe	API call chain: ExitProcess graph end node			graph_12-8841

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

12_2_100010D0

Source: NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.0000000006BC7000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: ../../third_party/webrtc/modules/desktop_capture/win/window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progmanffff:%hx%n%4hx%n.

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

Code function: 12_2_6F6FEB20 GetSystemTime,SystemTimeToFileTime,

12_2_6F6FEB20

Source: C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe

12_2_0040338F

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 Registry Run Keys / Startup Folder	1 Access Token Manipulation	2 Masquerading	11 Input Capture	1 System Time Discovery	Remote Services	11 Input Capture	2 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	2 Process Injection	1 Access Token Manipulation	LSASS Memory	1 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	2 Process Injection	Security Account Manager	3 Process Discovery	SMB/Windows Admin Shares	1 Clipboard Data	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Obfuscated Files or Information	NTDS	3 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	4 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner
C:\Program Files (x86)\NeatReader\NeatReader.exe	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\d3dcompiler_47.dll	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\ffmpeg.dll	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\libEGL.dll	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\libGLESv2.dll	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\resources\app.asar.unpacked\node_modules\font-list\libs\darwin\fontlist	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\resources\elevate.exe	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\swiftshader\libEGL.dll	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\swiftshader\libGLESv2.dll	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\vk_swiftshader.dll	0%	ReversingLabs
C:\Program Files (x86)\NeatReader\vulkan-1.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\SpiderBanner.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\StdUtils.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\nsProcess.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsk2BFF.tmp\nsis7z.dll	0%	ReversingLabs
C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe (copy)	0%	ReversingLabs
C:\Users\user\Downloads\Unconfirmed 299717.crdownload	0%	ReversingLabs
C:\Users\user\Downloads\Unconfirmed 708013.crdownload	0%	ReversingLabs

Source	Detection	Scanner	Label
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php	0%	URL Reputation	safe
https://openjsf.org/	0%	URL Reputation	safe
https://jsperf.com/getall-vs-sizzle/2	0%	URL Reputation	safe
http://underscorejs.org/LICENSE	0%	URL Reputation	safe
https://sizzlejs.com/	0%	URL Reputation	safe
https://npms.io/search?q=ponyfill.	0%	URL Reputation	safe
https://bugs.jquery.com/ticket/12359	0%	URL Reputation	safe
https://bugs.chromium.org/p/chromium/issues/detail?id=378607	0%	URL Reputation	safe
https://bugs.chromium.org/p/chromium/issues/detail?id=589347	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/antelle/node-stream-zip	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://www.google.com/speech-api/full-duplex/v1	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/unshiftio/one-time.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://crbug.com/941620allow_translate_uniform_block_to_structured_bufferThere	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/pillarjs/resolve-path#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://crbug.com/650547call_clear_twiceUsing	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://wonko.com/post/html-escaping)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://github.com/koajs/koa/commit/b968688afe2c727ae141f50aa983d481dbc1dbbf)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jshttp/mime-types#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4633	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4995	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://github.com/koajs/koa/commit/7e46c2058cb5994809eab5f4dbb12f21e937c72b)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/koajs/koa/blob/master/docs/error-handling.md	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/nodejs/string_decoder	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/sindresorhus/path-is-absolute.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://www.ecma-international.org/ecma-262/7.0/#sec-function.prototype.apply).	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://www.opensource.org/licenses/mit-license.php	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/ZJONSSON/node-unzipper#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jrburke/requirejs/wiki/Updating-existing-libraries#wiki-anon	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://crbug.com/110263	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://github.com/koajs/koa/commit/00e8f7a1b7603aabdb7fb3567f485cb1c2076702)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://mdn.io/clearTimeout).	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://openjsf.org/	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/jshttp/on-finished.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://github.com/koajs/koa/commit/b7bfa7113b8d1af49a57ab767f24a599ed92044f)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://crbug.com/593024select_view_in_geometry_shaderThe	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://html.spec.whatwg.org/multipage/infrastructure.html#space-character	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/wesleytodd/setprototypeof	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://bugs.chromium.org/p/v8/issues/detail?id=90	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/substack/node-hashish).	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://crbug.com/593024	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/koajs/koa.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jquery/jquery/blob/3.2.1/AUTHORS.txt	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://guides.github.com/activities/contributing-to-open-source/).MIT	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://ecma-international.org/ecma-262/7.0/#sec-properties-of-the-map-prototype-object)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://jsperf.com/getall-vs-sizzle/2	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://issuetracker.google.com/161903006	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3529	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://crbug.com/710443	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/winstonjs/winston/blob/2.x/lib/winston/logger.js#L198-L201	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://underscorejs.org/LICENSE	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ecma-international.org/ecma-262/7.0/#sec-ecmascript-function-objects-call-thisargument-argume	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3997	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://stackoverflow.com/a/1068308/13216	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://crbug.com/642605	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/pvorb/node-md5#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/1452	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://crbug.com/1165751Disable	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/gyson/koa-convert#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://html.spec.whatwg.org/multipage/infrastructure.html#strip-and-collapse-whitespace	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jshttp/media-typer.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://sizzlejs.com/	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://github.com/koajs/koa/commit/ad91ce2346cb34e5d5a49d07dd952d15f6c832a3)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://ljharb.codes	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://npms.io/search?q=ponyfill.	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3502	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3623	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jshttp/mime-types.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3625	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://bugs.jquery.com/ticket/12359	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3624	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://peter.michaux.ca/articles/lazy-function-definition-pattern)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/RyanZim/universalify.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4836	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/issues/166475273	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://registry.npmjs.org	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/3rd-Eden/text-hex	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://ecma-international.org/ecma-262/7.0/#sec-tolength).	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=378607	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/qix-/node-simple-swizzle#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://mths.be/fromcodepoint	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/lodash/lodash/blob/4.17.15/dist/lodash.js#L6735-L6744	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp, NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906478813.0000000004E7A000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/crypto-utils/keygrip#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3970	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/3rd-Eden/kuler	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://mdn.io/Number/isFinite).	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/koajs/koa/pull/614	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jshttp/on-finished#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://lodash.com/custom-builds).	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://github.com/koajs/koa/commit/a007198fa23c19902b1f3ffb81498629e0e9c875)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jquery/jquery.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3859	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jshttp/http-assert	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/jshttp/negotiator.git	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://github.com/koajs/koa/commit/54e8fab3e3d907bbb264caf3e28a24773d0d6fdb)	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://bugs.chromium.org/p/chromium/issues/detail?id=589347	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://mdn.io/spread_operator).	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/winstonjs/logform#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/2514	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/alessioalex/tiny-each-async#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3729	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://crbug.com/830046	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/es-shims/String.prototype.trimStart#readme	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/2517	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://github.com/eslint/eslint/issues/3229	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2906837489.00000000056D0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4937	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/166809097	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2913935462.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown
https://crbug.com/401439).	NeatReader Setup 8.1.4.exe, 0000000C.00000003.2964415087.00000000069C0000.00000004.00001000.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.46	unknown	United States	15169	GOOGLEUS	false
142.250.185.206	unknown	United States	15169	GOOGLEUS	false
74.125.133.155	unknown	United States	15169	GOOGLEUS	false
47.79.65.198	unknown	United States	9500	VODAFONE-TRANSIT-ASVodafoneNZLtdNZ	false
172.217.16.214	unknown	United States	15169	GOOGLEUS	false
216.58.206.72	unknown	United States	15169	GOOGLEUS	false
142.250.186.174	unknown	United States	15169	GOOGLEUS	false
142.250.185.168	unknown	United States	15169	GOOGLEUS	false
216.239.38.181	unknown	United States	15169	GOOGLEUS	false
216.58.206.54	unknown	United States	15169	GOOGLEUS	false
142.250.185.227	unknown	United States	15169	GOOGLEUS	false
142.250.181.238	unknown	United States	15169	GOOGLEUS	false
142.250.185.162	unknown	United States	15169	GOOGLEUS	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
172.217.18.10	unknown	United States	15169	GOOGLEUS	false
142.250.186.136	unknown	United States	15169	GOOGLEUS	false
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
142.250.186.78	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
172.217.18.3	unknown	United States	15169	GOOGLEUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
216.58.206.86	unknown	United States	15169	GOOGLEUS	false
142.250.185.136	unknown	United States	15169	GOOGLEUS	false
172.217.18.2	unknown	United States	15169	GOOGLEUS	false
216.58.206.46	unknown	United States	15169	GOOGLEUS	false
142.250.181.246	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
47.254.121.20	unknown	United States	45102	CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
216.58.212.161	unknown	United States	15169	GOOGLEUS	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521513
Start date and time:	2024-09-28 20:02:40 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 38s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www.neat-reader.com/download/start-download?target=windows
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean8.win@33/646@0/35
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 53 Number of non-executed functions: 137
Cookbook Comments:	Browse: https://neat-reader-release.oss-cn-hongkong.aliyuncs.com/NeatReader%20Setup%208.1.4.exe Browse: https://www.neat-reader.com/download/android-epub-reader Browse: https://www.neat-reader.com/auto-activity?guid=83f4c120-7dc1-4372-b266-ca17c2470b3f

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://www.neat-reader.com/download/start-download?target=windows

Simulations

Behavior and APIs

Time	Type	Description
14:04:59	API Interceptor	11x Sleep call for process: NeatReader Setup 8.1.4.exe modified

QR Codes

Source	URL
Screenshot	https://play.google.com/store/apps/details?id=com.gzhi.neatreader.r2.main

LLM Input / Output

Input	Output
URL: https://www.neat-reader.com/download/start-download?target=windows Model: jbxai	{ "brand":["Neat Reader"], "contains_trigger_text":true, "trigger_text":"Download will start in 1s", "prominent_button_name":"Sign in", "text_input_field_labels":["Android", "iOS"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "has_visible_qrcode":false}

URL: https://www.neat-reader.com/download/start-download?target=windows Model: jbxai	{ "brand":["Neat Reader"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Sign up now", "text_input_field_labels":["Sign in", "Sign in with Google", "Sign in with Apple", "Phone", "email", "username", "Forgot password?", "Dont have an account?"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.neat-reader.com/download/start-download?target=windows Model: jbxai	{ "brand":["Neat Reader"], "contains_trigger_text":false, "trigger_text":null, "prominent_button_name":"Sign in", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.neat-reader.com/download/start-download?target=windows Model: jbxai	{ "phishing_score":2, "brands":"Neat Reader", "legit_domain":"neat-reader.com", "classification":"unknown", "reasons":["The brand 'Neat Reader' is not widely recognized and falls under the 'unknown' category.", "The URL 'neat-reader.com' matches the brand name 'Neat Reader' without any suspicious elements such as misspellings, extra characters, or unusual domain extensions.", "The input fields provided (Sign in, Sign in with Google, Sign in with Apple, Phone, email, username, Forgot password?, Don't have an account?) are typical for a legitimate login page."], "brand_matches":[true], "url_match":true, "brand_input":"Neat Reader", "input_fields":"Sign in, Sign in with Google, Sign in with Apple, Phone, email, username, Forgot password?, Dont have an account?"}

URL: https://www.neat-reader.com/download/android-epub-reader Model: jbxai	{ "brand":["Google Play"], "contains_trigger_text":true, "trigger_text":"For Android 5.0 and above", "prominent_button_name":"Introduction", "text_input_field_labels":["Support all your devices", "Manage your books", "Perfectly Display"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":true}

URL: https://play.google.com/store/games Model: jbxai	{ "brand":["Google Play Games"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":["Google Play Games on PC"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://play.google.com/store/apps/details?id=com.gzhi.neatreader.r2.main Model: jbxai	{ "brand":["Google Play"], "contains_trigger_text":true, "trigger_text":"Sign into X Sign in with Google Sign in with Apple Phone, email, or username Forgot password? Dont have an account? Sign up", "prominent_button_name":"Install", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":true, "has_visible_qrcode":false}

URL: https://play.google.com/store/games Model: jbxai	{ "brand":["Google Play Games on PC"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

URL: https://www.neat-reader.com/auto-activity?guid=83f4c120-7dc1-4372-b266-ca17c2470b3f Model: jbxai	{ "brand":["Neat Reader"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"Go Premium", "text_input_field_labels":["Select Plan", "Checkout", "Success"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Process:	C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1096
Entropy (8bit):	5.13006727705212
Encrypted:	false
SSDEEP:	24:36DiJHxRHuyPP3GtIHw1Gg9QH+sUW8Ok4F+d1o36qjFD:36DiJzfPvGt7ICQH+sfIte36AFD
MD5:	4D42118D35941E0F664DDDBD83F633C5
SHA1:	2B21EC5F20FE961D15F2B58EFB1368E66D202E5C
SHA-256:	5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
SHA-512:	3FFBBA2E4CD689F362378F6B0F6060571F57E228D3755BDD308283BE6CBBEF8C2E84BEB5FCF73E0C3C81CD944D01EE3FCF141733C4D8B3B0162E543E0B9F3E63
Malicious:	false
Reputation:	low
Preview:	Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sat Sep 28 17:03:37 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.98062114134276
Encrypted:	false
SSDEEP:	48:8MTdhTJNxHoidAKZdA19ehwiZUklqehQy+3:8Mf/w/y
MD5:	B97018DEA60B9DC71A2ACB36D48DC073
SHA1:	1AC66E5978D791252D3B73E6342B6BC0208EC03F
SHA-256:	3BB69F9248EA084175502CEFF53A9DF0362AF5488ABA6C9D3DFAFAF1068A1433
SHA-512:	EFEBBCE659C6DD870942E5AD024B49D5C1F453CC95D2E306CB8FC940F060F62926808F18B96CDDAF2A3EB153924D66FAF1C178F901EAB17DC255D03A3B56BCB2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....7.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I<Yq.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V<Yq.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V<Yq.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V<Yq............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V<Ys............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Ma......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Target ID:	0
Start time:	14:03:29
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	14:03:33
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	14:03:36
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.neat-reader.com/download/start-download?target=windows"
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	5
Start time:	14:03:46
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	9
Start time:	14:04:26
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://play.google.com/store/apps/details?id=com.gzhi.neatreader.r2.main
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	10
Start time:	14:04:27
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=2012,i,1756451637922991175,14183001203310220918,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	11
Start time:	14:04:36
Start date:	28/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6852 --field-trial-handle=2236,i,6439054695075565315,17960345864955142184,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	12
Start time:	14:04:50
Start date:	28/09/2024
Path:	C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Downloads\NeatReader Setup 8.1.4.exe"
Imagebase:	0x400000
File size:	62'455'064 bytes
MD5 hash:	DEF17C832C3E8169A69D3E854193F59B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Execution Coverage:	7.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	16.8%
Total number of Nodes:	1217
Total number of Limit Nodes:	62

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.neat-reader.com/download/start-download?target=windows

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Phishing

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\NeatReader\LICENSE.electron.txt

C:\Program Files (x86)\NeatReader\LICENSES.chromium.html

C:\Program Files (x86)\NeatReader\NeatReader.exe

C:\Program Files (x86)\NeatReader\chrome_100_percent.pak

C:\Program Files (x86)\NeatReader\chrome_200_percent.pak

C:\Program Files (x86)\NeatReader\d3dcompiler_47.dll

C:\Program Files (x86)\NeatReader\ffmpeg.dll

C:\Program Files (x86)\NeatReader\icudtl.dat

C:\Program Files (x86)\NeatReader\libEGL.dll

C:\Program Files (x86)\NeatReader\libGLESv2.dll

C:\Program Files (x86)\NeatReader\locales\am.pak

C:\Program Files (x86)\NeatReader\locales\ar.pak

C:\Program Files (x86)\NeatReader\locales\bg.pak

C:\Program Files (x86)\NeatReader\locales\bn.pak

C:\Program Files (x86)\NeatReader\locales\ca.pak

C:\Program Files (x86)\NeatReader\locales\cs.pak

C:\Program Files (x86)\NeatReader\locales\da.pak

Windows Analysis Report
https://www.neat-reader.com/download/start-download?target=windows

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre