Windows Analysis Report
installcriptocns.exe

Overview

General Information

Sample name:	installcriptocns.exe
Analysis ID:	1531119
MD5:	100bea48a4b460d6ece41e5d2e4606ff
SHA1:	82baeb342027198331c05f5cd20fb5b9f27591b9
SHA256:	e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2
Infos:

Detection

Score:	30
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Yara detected Generic Downloader

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

Uses 32bit PE files

Source: installcriptocns.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CriptoCNS

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log

Jump to behavior

Source: installcriptocns.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: System.pdbF source: Update.exe, 0000000A.00000002.2299747007.0000000022093000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netstandard.pdb.mdb source: Update.exe, 0000000A.00000000.1303554849.0000000000452000.00000002.00000001.01000000.00000007.sdmp, Update.exe, 0000000A.00000002.2254208604.000000001B6D0000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 0000000A.00000002.2243154286.0000000012951000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb source: Update.exe, 0000000A.00000002.2301545150.00000000220A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: Update.exe, 0000000A.00000002.2301545150.00000000220A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: Update.exe, 0000000A.00000002.2294425478.0000000021B86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: criptocns.exe, 0000000F.00000000.2074063248.00007FF74C359000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: installcriptocns.exe, 00000000.00000000.1176549095.000000000057F000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: Update.exe, 0000000A.00000002.2295336873.0000000021BC3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: Update.exe, 0000000A.00000002.2286850282.000000001FE4F000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 0000000A.00000002.2299747007.0000000022093000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

Yara detected Generic Downloader

Source: Yara match	File source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\CriptoCNS\Update.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe, type: DROPPED

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 162.159.61.3 162.159.61.3

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: V8.MemoryHeapUsedV8.MemoryHeapCommittedmail.google.com.gmaildrive.google.com.docsplus.google.com.plusinbox.google.com.inboxcalendar.google.com.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comqq.comtwitter.comtaobao.comlive.com equals www.youtube.com (Youtube)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: chttps://www.baidu.com/s?ie={inputEncoding}&wd={searchTerms}https://www.baidu.com/s?ie={inputEncoding}&word={searchTerms}https://www.baidu.com/{google:pathWildcard}/s?ie={inputEncoding}&word={searchTerms}{google:baseURL}#q={searchTerms}{google:baseURL}search#q={searchTerms}{google:baseURL}webhp#q={searchTerms}{google:baseURL}s#q={searchTerms}{google:baseURL}s?q={searchTerms}https://go.mail.ru/msearch?q={searchTerms}&{mailru:referralID}https://m.so.com/s?ie={inputEncoding}&q={searchTerms}https://m.so.com/index.php?ie={inputEncoding}&q={searchTerms}https://m.sogou.com/web/{google:pathWildcard}?ie={inputEncoding}&keyword={searchTerms}http://searchatlas.centrum.cz/?q={searchTerms}http://hladaj.atlas.sk/fulltext/?phrase={searchTerms}http://isearch.avg.com/search?q={searchTerms}http://search.avg.com/route/?q={searchTerms}&lng={language}https://isearch.avg.com/search?q={searchTerms}https://search.avg.com/route/?q={searchTerms}&lng={language}http://search.babylon.com/?q={searchTerms}http://search.conduit.com/Results.aspx?q={searchTerms}http://www.delfi.lt/paieska/?q={searchTerms}http://www.delta-search.com/?q={searchTerms}http://www1.delta-search.com/home?q={searchTerms}http://www1.delta-search.com/?q={searchTerms}http://www2.delta-search.com/home?q={searchTerms}http://www2.delta-search.com/?q={searchTerms}http://www.search.delta-search.com/home?q={searchTerms}http://www.search.delta-search.com/?q={searchTerms}http://www.yhs.delta-search.com/home?q={searchTerms}http://www.yhs.delta-search.com/?q={searchTerms}http://mixidj.delta-search.com/home?q={searchTerms}http://mixidj.delta-search.com/?q={searchTerms}http://search.goo.ne.jp/web.jsp?MT={searchTerms}&IE={inputEncoding}http://search.goo.ne.jp/sgt.jsp?MT={searchTerms}&CL=plugin&FM=json&IE={inputEncoding}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx#q={searchTerms}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx#q={searchTerms}http://start.iminent.com/?q={searchTerms}http://start.iminent.com/StartWeb/1033/homepage/#q={searchTerms}http://search.incredibar.com/?q={searchTerms}http://mystart.incredibar.com/?search={searchTerms}https://www.neti.ee/cgi-bin/otsing?query={searchTerms}&src=webhttps://www.neti.ee/api/suggestOS?suggestVersion=1&suggestQuery={searchTerms}https://nova.rambler.ru/search?query={searchTerms}https://nova.rambler.ru/suggest?v=3&query={searchTerms}http://www.search-results.com/web?q={searchTerms}http://search.snap.do/?q={searchTerms}http://feed.snapdo.com/?q={searchTerms}http://feed.snap.do/?q={searchTerms}http://en.softonic.com/s/{searchTerms}http://www.softonic.com/s/{searchTerms}http://www.softonic.com.br/s/{searchTerms}http://buscador.softonic.com/?q={searchTerms}http://nl.softonic.com/s/{searchTerms}https://search.softonic.com/?q={searchTerms}https://en.softonic.com/s/{searchTerms}https://www.softonic.com/s/{searchTerms}https://www.softonic.com.br/s/{searchTerms}https://buscador.softonic.com/?q={searchTerms}https://nl.softonic.com/s/{searchTer
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: global traffic

DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://%s:80../../services/network/public/cpp/network_connection_tracker.ccOnNetworkChangedOnGetConn
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://../../content/browser/browsing_data/browsing_data_remover_impl.ccBrowsingDataRemoverImpl
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://.css
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://.jpg
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://127.0.0.1
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: Update.exe, 0000000A.00000002.2156780159.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/CriptoCNS.nuspec
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/_rels/.rels
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/chrome_100_percent.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/chrome_200_percent.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/criptocns.exe
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/criptocns_ExecutionStub.exe
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/d3dcompiler_47.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/ffmpeg.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/icudtl.dat
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/libEGL.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/libGLESv2.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/am.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ar.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/bg.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/bn.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ca.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/cs.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/da.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/de.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/el.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/en-GB.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/en-US.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/es-419.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/es.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/et.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fa.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fi.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fil.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/gu.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/he.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hi.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hu.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/id.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/it.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ja.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/kn.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ko.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/lt.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/lv.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ml.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/mr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ms.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/nb.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/nl.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pl.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pt-BR.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pt-PT.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ro.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ru.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sk.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sl.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sv.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sw.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ta.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/te.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/th.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/tr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/uk.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/vi.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/zh-CN.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/zh-TW.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/ask.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/config.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/distribution.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/main.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/module.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/options.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/ask.html
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/defender.png
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/help.html
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/options.html
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/origens.png
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/signature-32x32.ico
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/system-tray.png
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/w3pro.css
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/service.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/aroari.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/hamahiri-native.node
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/hamahiri.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/hekura-schema.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/hekura.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/lock-native.node
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/lock.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/options.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/update.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/wanhamou.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.editorconfig
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.gitattributes
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/CONTRIBUTING.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/FUNDING.yml
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/ISSUE_TEMPLATE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/PULL_REQUEST_TEMPLATE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/workflows/test.yml
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/LICENSE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/alert.d.ts
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/cli.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/index.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/msgbox.vbs
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/node.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/build/asn1.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/build/asn1.js.map
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/index.d.ts
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/src/asn1.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.editorconfig
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.gitattributes
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/CONTRIBUTI
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/FUNDING.ym
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/ISSUE_TEMP
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/PULL_REQUE
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/SECURITY.m
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/workflows/
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/LICENSE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/index.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/index.test.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/LICENSE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/common.gypi
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/except.gypi
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/index.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/napi-inl.deprecated.h
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/napi-inl.h
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/napi.h
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/node_api.gyp
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/noexcept.gypi
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/nothing.c
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/package-support.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/check-napi.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/clang-format.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/conversion.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/eslint-format.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/build/index.d.ts
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/build/utils.es.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/build/utils.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/snapshot_blob.bin
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/squirrel.exe
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/squirrel.exe0y
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/swiftshader/libEGL.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/swiftshader/libGLESv2.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/v8_context_snapshot.bin
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vk_swiftshader.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vk_swiftshader_icd.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vulkan-1.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/package/services/metadata/core-properties/541bf5a96c91475db60c133b7a225724.p
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample._
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.bin
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.bsdiff
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.c
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.css
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.css0y
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.dat
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.diff
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.editorconfig
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.exe
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.gitattributes
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.gyp
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.gypi
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.h
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.html
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.ico
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.map
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.node
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.nuspec
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.png
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcp
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.rels
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.shasum
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.ts
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.vbs
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.yml
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://google.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://google.comhttps://accounts.google.comhttps://www.googleapis.comhttps://oauthaccountmanager.go
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: Update.exe, 0000000A.00000002.2156780159.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.openxmlformats.or
Source: Update.exe, 0000000A.00000002.2156780159.0000000002FE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C0B7000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://unisolated.invalid
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://unisolated.invalidsms_fetcherBlink.Sms.Receive.TimeSmsReceiveBlink.Sms.Receive.TimeCancelOnSu
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.accv.es00
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.color.org
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.color.orgRegistryNameCustomOutputConditionIdentifierDestOutputProfile
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-timehttp://www.webrtc.org/experiments/rtp-hdre
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cn
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cnprofile-level-idlevel-asymmetry-allowedWebRTC-
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-frame-tracking-id
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-layers-allocation00
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.com/schema/xfa-package/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xci/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xdc/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-connection-set/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-data/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/xmlns:xfa
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-form/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-locale-set/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-package/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-source-set/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-template/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://...
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://accounts.google.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://alekberg.net/privacy
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://alekberg.net/privacyalekberg.net
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: Update.exe, 0000000A.00000000.1303554849.0000000000452000.00000002.00000001.01000000.00000007.sdmp, Update.exe, 0000000A.00000002.2243154286.0000000012951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.github.com/#
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bit.ly/31yqMJR.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bit.ly/31yqMJR.GpuLockdownDefaultDacl
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlattribution
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C0B7000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10704
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderDevToolsAPI.streamWriteIns
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalforme
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C359000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacy
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacyCleanBrowsing
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C0B7000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1038223.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1053756
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1053756ICE
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1234857.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1234857.Error
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/401439).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/619103.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/619103.Subsequence
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/981419
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.chrome.com/blog/immutable-document-domain/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.chrome.com/blog/mv2-transition/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2016/08/removing-document-write
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://dns.sb/privacy/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cox.net/dns-query
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.xfinity.com/dns-query
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.border-boxcontent-bo
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WICG/conversion-measurement-api).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/antirez/linenoise
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.Module
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: Update.exe, 0000000A.00000000.1303554849.0000000000452000.00000002.00000001.01000000.00000007.sdmp, Update.exe, 0000000A.00000002.2243154286.0000000012951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/myuser/myrepo
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/31074
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.v8.produceCachev8.produceModuleCacheV8.CodeCacheSiz
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructor
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/LdLk22
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/LdLk22Empty
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/LdLk22Failed
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/Y0ZkNV).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C24E000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/rStTGz
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/yabPex
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://monitoring.url.loader.factory.invalid
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://monitoring.url.loader.factory.invalidPermissions
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://no-color.org/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://nodejs.org/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C0B7000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000003.2201279366.0000399D0034A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v16.13.2/node-v16.13.2-headers.tar.gz
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000003.2201279366.0000399D0034A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v16.13.2/node-v16.13.2.tar.gz
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://nodejs.org/download/release/v16.13.2/node-v16.13.2.tar.gzhttps://nodejs.org/download/release
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000003.2201279366.0000399D0034A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v16.13.2/win-x64/node.lib
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://odvr.nic.cz/doh
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).No
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: Update.exe, 0000000A.00000002.2156780159.00000000029F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5280#section-4.2.1.13
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5280#section-5.2.7.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6960
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#direct-individualization.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-identifier)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-permanent-
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://webrtc.org/web-apis/chrome/unified-plan/.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/%s
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5082396709879808
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5148698084376576
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5629582019395584.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5654791610957824
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5667793157488640
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5669008342777856
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648Renderer.Font.PrimaryFont.FCPRenderer.Font.Prim
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillFailRequestDidComm
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952blinkAddEventListenerAdded
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608Added
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5851021045661696.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5851021045661696.The
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals../../content/browser/prerender/prerender_commit
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.The
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.google.com/speech-api/full-duplex/v1
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.google.com/speech-api/full-duplex/v1key=pair=output=pb/down?speech_recognition_downstrea
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocatemacAddresssignalStrengthsignalToNoiseRatiowifiAcc
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com/spelling/v%d/spelling/check?key=%s
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com/spelling/v%d/spelling/check?key=%serrorspellingCheckResponse.misspellings
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/a/google.com/origins.json
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/origins.json
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/origins.jsonhttps://www.gstatic.com/securitykey/a/google.com/ori
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.nic.cz/odvr/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60619
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60618
Source: unknown	Network traffic detected: HTTP traffic on port 60618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60620
Source: unknown	Network traffic detected: HTTP traffic on port 60619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60621

Installs a raw input device (often for capturing keystrokes)

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp

Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE

memstr_1f3d34f9-e

Abnormal high CPU Usage

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Process Stats: CPU usage > 24%

PE file contains executable resources (Code or Archives)

Source: installcriptocns.exe

Static PE information: Resource name: DATA type: Zip archive data, at least v2.0 to extract, compression method=deflate

PE file contains more sections than normal

Source: criptocns.exe.10.dr

Static PE information: Number of sections : 13 > 10

Sample file is different than original file name gathered from version info

Source: installcriptocns.exe, 00000005.00000003.1303053946.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUpdate.exe2 vs installcriptocns.exe
Source: installcriptocns.exe, 00000005.00000003.1303053946.0000000005CDF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUpdate.exe2 vs installcriptocns.exe

Uses 32bit PE files

Source: installcriptocns.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus30.troj.winEXE@96/209@1/1

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\CriptoCNS

Jump to behavior

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6740:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2132:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3132:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5444:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5696:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3964:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1996:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3956:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:528:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2576:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4880:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4824:120:WilError_03

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\Temp\.squirrel-lock-80FE40C371EE331E8AAC12FD0CE045EE05CB9C25

Jump to behavior

Source: installcriptocns.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\installcriptocns.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: criptocns.exe, 0000000F.00000000.2074063248.00007FF74C359000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE cookies(creation_utc INTEGER NOT NULL,host_key TEXT NOT NULL,top_frame_site_key TEXT NOT NULL,name TEXT NOT NULL,value TEXT NOT NULL,encrypted_value BLOB NOT NULL,path TEXT NOT NULL,expires_utc INTEGER NOT NULL,is_secure INTEGER NOT NULL,is_httponly INTEGER NOT NULL,last_access_utc INTEGER NOT NULL,has_expires INTEGER NOT NULL,is_persistent INTEGER NOT NULL,priority INTEGER NOT NULL,samesite INTEGER NOT NULL,source_scheme INTEGER NOT NULL,source_port INTEGER NOT NULL,is_same_party INTEGER NOT NULL);
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);

Source: unknown	Process created: C:\Users\user\Desktop\installcriptocns.exe "C:\Users\user\Desktop\installcriptocns.exe"
Source: unknown	Process created: C:\Users\user\Desktop\installcriptocns.exe "C:\Users\user\Desktop\installcriptocns.exe" --rerunningWithoutUAC
Source: C:\Users\user\Desktop\installcriptocns.exe	Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-install 1.1.1
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-firstrun
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"C:\\Users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxSize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxAge\":1800,\"trustedOrigins\":{\"warning\":true,\"origins\":[]}}" --service=CriptoCNS
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash kdialog 2>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "kdialog"' 2>&1>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash zenity 2>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "zenity"' 2>&1>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --app-user-model-id=com.squirrel.CriptoCNS.criptocns --app-path="C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash yad 2>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "yad"' 2>&1>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad.exe
Source: C:\Users\user\Desktop\installcriptocns.exe	Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-install 1.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-firstrun	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"C:\\Users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxSize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxAge\":1800,\"trustedOrigins\":{\"warning\":true,\"origins\":[]}}" --service=CriptoCNS	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --app-user-model-id=com.squirrel.CriptoCNS.criptocns --app-path="C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash kdialog 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "kdialog"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash zenity 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "zenity"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash yad 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "yad"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad.exe

Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: msctfui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msspellcheckingfacility.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msmpeg2vdec.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mfperfhelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dxva2.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msvproc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\installcriptocns.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CriptoCNS

Jump to behavior

Source: installcriptocns.exe

Static file information: File size 87736320 > 1048576

Source: installcriptocns.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x5381200

Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: installcriptocns.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: installcriptocns.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: System.pdbF source: Update.exe, 0000000A.00000002.2299747007.0000000022093000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netstandard.pdb.mdb source: Update.exe, 0000000A.00000000.1303554849.0000000000452000.00000002.00000001.01000000.00000007.sdmp, Update.exe, 0000000A.00000002.2254208604.000000001B6D0000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 0000000A.00000002.2243154286.0000000012951000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb source: Update.exe, 0000000A.00000002.2301545150.00000000220A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: Update.exe, 0000000A.00000002.2301545150.00000000220A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: Update.exe, 0000000A.00000002.2294425478.0000000021B86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: criptocns.exe, 0000000F.00000000.2074063248.00007FF74C359000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: installcriptocns.exe, 00000000.00000000.1176549095.000000000057F000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: Update.exe, 0000000A.00000002.2295336873.0000000021BC3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: Update.exe, 0000000A.00000002.2286850282.000000001FE4F000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 0000000A.00000002.2299747007.0000000022093000.00000004.00000020.00020000.00000000.sdmp

Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Binary contains a suspicious time stamp

Source: d3dcompiler_47.dll.10.dr

Static PE information: 0xF3329C94 [Sat Apr 18 07:26:12 2099 UTC]

PE file contains sections with non-standard names

Source: criptocns.exe.10.dr	Static PE information: section name: .00cfg
Source: criptocns.exe.10.dr	Static PE information: section name: .retplne
Source: criptocns.exe.10.dr	Static PE information: section name: .rodata
Source: criptocns.exe.10.dr	Static PE information: section name: CPADinfo
Source: criptocns.exe.10.dr	Static PE information: section name: _RDATA
Source: criptocns.exe.10.dr	Static PE information: section name: malloc_h
Source: ffmpeg.dll.10.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.10.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.10.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.10.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.10.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.10.dr	Static PE information: section name: _RDATA
Source: libEGL.dll0.10.dr	Static PE information: section name: .00cfg
Source: libEGL.dll0.10.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll0.10.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll0.10.dr	Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.10.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.10.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.10.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.10.dr	Static PE information: section name: _RDATA
Source: hamahiri-native.node.10.dr	Static PE information: section name: _RDATA
Source: lock-native.node.10.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Users\user\Desktop\installcriptocns.exe	File created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\Update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hamahiri-native.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\criptocns.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libEGL.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hamahiri-native.node			Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node			Jump to dropped file

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Memory allocated: D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Memory allocated: 1A930000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Memory allocated: AB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Memory allocated: 1A850000 memory reserve \| memory write watch	Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Window / User API: threadDelayed 9339	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Window / User API: threadDelayed 453	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Window / User API: threadDelayed 490	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hamahiri-native.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\criptocns.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libGLESv2.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 7004	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe TID: 5208	Thread sleep count: 490 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe TID: 6588	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Queries keyboard layouts

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File Volume queried: C:\Users\user\AppData\Roaming\criptocns\Code Cache\wasm FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File Volume queried: C:\Users\user\AppData\Roaming\criptocns\Code Cache\js FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File Volume queried: C:\Users\user\AppData\Roaming\criptocns\blob_storage\99c2638c-ca1f-4b1f-9001-5d6684703d74 FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File Volume queried: C:\Users\user\AppData\Roaming\criptocns\Cache\Cache_Data FullSizeInformation

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware Virtual Webcam
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMnet
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware, Inc.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware Inc.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: eb1a:2860eb1a:28201ce6:282012ab:03801943:22530c45:64d00c45:64d21bcf:298504ca:704704ca:704804f2:b3ed04f2:b3ca05c8:035d05c8:036904ca:709513d3:52570bda:57f20fd9:0066VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCam../../media/capture/video/video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: criptocns.exe, 0000000F.00000002.2659980788.000002306824E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: criptocns.exe, 0000000F.00000002.2659980788.000002306824E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWO&h0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: Gearway Electronics (Dong Guan) Co., Ltd.VMware Inc.Olimex Ltd.
Source: criptocns.exe, 0000000F.00000002.2659980788.000002306824E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWws\System32\en-US\wshqos.dll.mui
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: Qemu Audio Device
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: Update.exe, 0000000A.00000002.2283567664.000000001FE30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware can crash with older drivers and WebGL content
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: Access-Control-Allow-Credentials: trueNet.RedirectChainLengthurl_chainload_state_paramdelegate_blocked_byhas_uploadis_pendingDelegateNet.URLRequest.ReferrerPolicyForRequest.SameOriginNet.URLRequest.ReferrerHasInformativePath.SameOriginNet.URLRequest.ReferrerPolicyForRequest.CrossOriginNet.URLRequest.ReferrerHasInformativePath.CrossOrigin../../net/url_request/url_request_job.ccOnDonenum_failuresrelease_after_msThrottling.RequestThrottled../../net/base/network_interfaces_win.ccWlanApiwlanapi.dllWlanQueryInterfaceWlanSetInterfaceVMnetGetAdaptersAddresses failed: 8Q

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-install 1.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-firstrun	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"C:\\Users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxSize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxAge\":1800,\"trustedOrigins\":{\"warning\":true,\"origins\":[]}}" --service=CriptoCNS	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --app-user-model-id=com.squirrel.CriptoCNS.criptocns --app-path="C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash kdialog 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "kdialog"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash zenity 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "zenity"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash yad 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "yad"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad.exe

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\criptocns" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe c:\users\user\appdata\local\criptocns\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"c:\\users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxsize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxage\":1800,\"trustedorigins\":{\"warning\":true,\"origins\":[]}}" --service=criptocns
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\criptocns" --app-user-model-id=com.squirrel.criptocns.criptocns --app-path="c:\users\user\appdata\local\criptocns\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\criptocns" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe c:\users\user\appdata\local\criptocns\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"c:\\users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxsize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxage\":1800,\"trustedorigins\":{\"warning\":true,\"origins\":[]}}" --service=criptocns	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\criptocns" --app-user-model-id=com.squirrel.criptocns.criptocns --app-path="c:\users\user\appdata\local\criptocns\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:1	Jump to behavior

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: ../../electron/shell/browser/ui/views/electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: ?@../../third_party/webrtc/modules/desktop_capture/win/cursor.ccCreateMouseCursorFromHCursorUnable to get cursor icon info. Error = Unable to get bitmap info. Error = Unable to get bitmap bits. Error = DwmIsCompositionEnabledDwmGetWindowAttribute../../third_party/webrtc/modules/desktop_capture/win/window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progman

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.159.61.3	chrome.cloudflare-dns.com	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
chrome.cloudflare-dns.com	162.159.61.3	true

Uses 32bit PE files

Source: installcriptocns.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CriptoCNS

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log

Jump to behavior

Source: installcriptocns.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: System.pdbF source: Update.exe, 0000000A.00000002.2299747007.0000000022093000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netstandard.pdb.mdb source: Update.exe, 0000000A.00000000.1303554849.0000000000452000.00000002.00000001.01000000.00000007.sdmp, Update.exe, 0000000A.00000002.2254208604.000000001B6D0000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 0000000A.00000002.2243154286.0000000012951000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb source: Update.exe, 0000000A.00000002.2301545150.00000000220A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: Update.exe, 0000000A.00000002.2301545150.00000000220A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: Update.exe, 0000000A.00000002.2294425478.0000000021B86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: criptocns.exe, 0000000F.00000000.2074063248.00007FF74C359000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: installcriptocns.exe, 00000000.00000000.1176549095.000000000057F000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: Update.exe, 0000000A.00000002.2295336873.0000000021BC3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: Update.exe, 0000000A.00000002.2286850282.000000001FE4F000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 0000000A.00000002.2299747007.0000000022093000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

Yara detected Generic Downloader

Source: Yara match	File source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\CriptoCNS\Update.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe, type: DROPPED

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 162.159.61.3 162.159.61.3

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: V8.MemoryHeapUsedV8.MemoryHeapCommittedmail.google.com.gmaildrive.google.com.docsplus.google.com.plusinbox.google.com.inboxcalendar.google.com.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comqq.comtwitter.comtaobao.comlive.com equals www.youtube.com (Youtube)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: chttps://www.baidu.com/s?ie={inputEncoding}&wd={searchTerms}https://www.baidu.com/s?ie={inputEncoding}&word={searchTerms}https://www.baidu.com/{google:pathWildcard}/s?ie={inputEncoding}&word={searchTerms}{google:baseURL}#q={searchTerms}{google:baseURL}search#q={searchTerms}{google:baseURL}webhp#q={searchTerms}{google:baseURL}s#q={searchTerms}{google:baseURL}s?q={searchTerms}https://go.mail.ru/msearch?q={searchTerms}&{mailru:referralID}https://m.so.com/s?ie={inputEncoding}&q={searchTerms}https://m.so.com/index.php?ie={inputEncoding}&q={searchTerms}https://m.sogou.com/web/{google:pathWildcard}?ie={inputEncoding}&keyword={searchTerms}http://searchatlas.centrum.cz/?q={searchTerms}http://hladaj.atlas.sk/fulltext/?phrase={searchTerms}http://isearch.avg.com/search?q={searchTerms}http://search.avg.com/route/?q={searchTerms}&lng={language}https://isearch.avg.com/search?q={searchTerms}https://search.avg.com/route/?q={searchTerms}&lng={language}http://search.babylon.com/?q={searchTerms}http://search.conduit.com/Results.aspx?q={searchTerms}http://www.delfi.lt/paieska/?q={searchTerms}http://www.delta-search.com/?q={searchTerms}http://www1.delta-search.com/home?q={searchTerms}http://www1.delta-search.com/?q={searchTerms}http://www2.delta-search.com/home?q={searchTerms}http://www2.delta-search.com/?q={searchTerms}http://www.search.delta-search.com/home?q={searchTerms}http://www.search.delta-search.com/?q={searchTerms}http://www.yhs.delta-search.com/home?q={searchTerms}http://www.yhs.delta-search.com/?q={searchTerms}http://mixidj.delta-search.com/home?q={searchTerms}http://mixidj.delta-search.com/?q={searchTerms}http://search.goo.ne.jp/web.jsp?MT={searchTerms}&IE={inputEncoding}http://search.goo.ne.jp/sgt.jsp?MT={searchTerms}&CL=plugin&FM=json&IE={inputEncoding}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx#q={searchTerms}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx#q={searchTerms}http://start.iminent.com/?q={searchTerms}http://start.iminent.com/StartWeb/1033/homepage/#q={searchTerms}http://search.incredibar.com/?q={searchTerms}http://mystart.incredibar.com/?search={searchTerms}https://www.neti.ee/cgi-bin/otsing?query={searchTerms}&src=webhttps://www.neti.ee/api/suggestOS?suggestVersion=1&suggestQuery={searchTerms}https://nova.rambler.ru/search?query={searchTerms}https://nova.rambler.ru/suggest?v=3&query={searchTerms}http://www.search-results.com/web?q={searchTerms}http://search.snap.do/?q={searchTerms}http://feed.snapdo.com/?q={searchTerms}http://feed.snap.do/?q={searchTerms}http://en.softonic.com/s/{searchTerms}http://www.softonic.com/s/{searchTerms}http://www.softonic.com.br/s/{searchTerms}http://buscador.softonic.com/?q={searchTerms}http://nl.softonic.com/s/{searchTerms}https://search.softonic.com/?q={searchTerms}https://en.softonic.com/s/{searchTerms}https://www.softonic.com/s/{searchTerms}https://www.softonic.com.br/s/{searchTerms}https://buscador.softonic.com/?q={searchTerms}https://nl.softonic.com/s/{searchTer
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)

Source: global traffic

DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://%s:80../../services/network/public/cpp/network_connection_tracker.ccOnNetworkChangedOnGetConn
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://../../content/browser/browsing_data/browsing_data_remover_impl.ccBrowsingDataRemoverImpl
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://.css
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://.jpg
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://127.0.0.1
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: Update.exe, 0000000A.00000002.2156780159.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/CriptoCNS.nuspec
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/_rels/.rels
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/chrome_100_percent.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/chrome_200_percent.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/criptocns.exe
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/criptocns_ExecutionStub.exe
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/d3dcompiler_47.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/ffmpeg.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/icudtl.dat
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/libEGL.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/libGLESv2.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/am.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ar.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/bg.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/bn.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ca.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/cs.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/da.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/de.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/el.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/en-GB.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/en-US.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/es-419.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/es.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/et.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fa.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fi.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fil.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/fr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/gu.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/he.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hi.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/hu.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/id.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/it.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ja.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/kn.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ko.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/lt.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/lv.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ml.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/mr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ms.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/nb.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/nl.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pl.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pt-BR.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/pt-PT.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ro.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ru.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sk.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sl.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sv.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/sw.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/ta.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/te.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/th.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/tr.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/uk.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/vi.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/zh-CN.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/locales/zh-TW.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/ask.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/config.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/distribution.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/main.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/module.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/options.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/ask.html
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/defender.png
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/help.html
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/options.html
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/origens.png
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/signature-32x32.ico
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/system-tray.png
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/res/w3pro.css
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/appservice/service.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/aroari.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/hamahiri-native.node
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/hamahiri.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/hekura-schema.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/hekura.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/lock-native.node
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/lock.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/options.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/update.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/components/wanhamou.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.editorconfig
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.gitattributes
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/CONTRIBUTING.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/FUNDING.yml
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/ISSUE_TEMPLATE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/PULL_REQUEST_TEMPLATE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/.github/workflows/test.yml
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/LICENSE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/alert.d.ts
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/cli.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/index.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/msgbox.vbs
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/node.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/alert/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/build/asn1.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/build/asn1.js.map
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/index.d.ts
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/asn1js/src/asn1.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.editorconfig
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.gitattributes
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/CONTRIBUTI
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/FUNDING.ym
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/ISSUE_TEMP
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/PULL_REQUE
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/SECURITY.m
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/.github/workflows/
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/LICENSE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/index.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/index.test.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/is-program-installed/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/LICENSE.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/common.gypi
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/except.gypi
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/index.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/napi-inl.deprecated.h
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/napi-inl.h
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/napi.h
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/node_api.gyp
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/noexcept.gypi
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/nothing.c
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/package-support.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/check-napi.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/clang-format.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/conversion.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/node-addon-api/tools/eslint-format.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/README.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/build/index.d.ts
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/build/utils.es.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/build/utils.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/node_modules/pvutils/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/resources/app/package.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/snapshot_blob.bin
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/squirrel.exe
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/squirrel.exe0y
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/swiftshader/libEGL.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/swiftshader/libGLESv2.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/v8_context_snapshot.bin
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vk_swiftshader.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vk_swiftshader_icd.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/lib/net45/vulkan-1.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/package/services/metadata/core-properties/541bf5a96c91475db60c133b7a225724.p
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample._
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.bin
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.bsdiff
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.c
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.css
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.css0y
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.dat
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.diff
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.dll
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.editorconfig
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.exe
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.gitattributes
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.gyp
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.gypi
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.h
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.html
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.ico
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.js
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.json
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.map
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.md
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.node
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.nuspec
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.pak
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.png
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.psmdcp
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.rels
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.shasum
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.ts
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.vbs
Source: Update.exe, 0000000A.00000002.2156780159.0000000002EAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/tempfiles/sample.yml
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://google.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://google.comhttps://accounts.google.comhttps://www.googleapis.comhttps://oauthaccountmanager.go
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://narwhaljs.org)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://repository.swisssign.com/0
Source: Update.exe, 0000000A.00000002.2156780159.0000000002F5B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.openxmlformats.or
Source: Update.exe, 0000000A.00000002.2156780159.0000000002FE6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C0B7000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc3986#section-2.1)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://unisolated.invalid
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://unisolated.invalidsms_fetcherBlink.Sms.Receive.TimeSmsReceiveBlink.Sms.Receive.TimeCancelOnSu
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.accv.es00
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.color.org
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.color.orgRegistryNameCustomOutputConditionIdentifierDestOutputProfile
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-timehttp://www.webrtc.org/experiments/rtp-hdre
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/color-space
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cn
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/inband-cnprofile-level-idlevel-asymmetry-allowedWebRTC-
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/playout-delay
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/transport-wide-cc-02
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-content-type
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-frame-tracking-id
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-layers-allocation00
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/video-timing
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.com/schema/xfa-package/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xci/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xdc/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-connection-set/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-data/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-data/1.0/xmlns:xfa
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-form/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-locale-set/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-package/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-source-set/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: http://www.xfa.org/schema/xfa-template/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://...
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://accounts.google.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://alekberg.net/privacy
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://alekberg.net/privacyalekberg.net
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: Update.exe, 0000000A.00000000.1303554849.0000000000452000.00000002.00000001.01000000.00000007.sdmp, Update.exe, 0000000A.00000002.2243154286.0000000012951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.github.com/#
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bit.ly/31yqMJR.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bit.ly/31yqMJR.GpuLockdownDefaultDacl
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlattribution
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C0B7000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10704
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/%s%s/%s/NetworkResourceLoaderDevToolsAPI.streamWriteIns
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome-devtools-frontend.appspot.com/serve_rev/%s/%s.html/devtools/page/%s?ws=%s%s%sMalforme
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryone.one.one.one1dot1dot1dot1.cloudflare-dns.com1.1.1.11.0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C359000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacy
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://cleanbrowsing.org/privacyCleanBrowsing
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C0B7000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1038223.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1053756
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1053756ICE
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1234857.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/1234857.Error
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/401439).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/619103.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/619103.Subsequence
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/981419
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.chrome.com/blog/immutable-document-domain/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.chrome.com/blog/mv2-transition/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/Cloudflare
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://developers.google.com/web/updates/2016/08/removing-document-write
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://dns.sb/privacy/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://dnsnl.alekberg.net/dns-query
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cox.net/dns-query
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.cox.net/dns-querydot.cox.net68.105.28.1168.105.28.122001:578:3f::30
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://doh.xfinity.com/dns-query
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.border-boxcontent-bo
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/WICG/conversion-measurement-api).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/antirez/linenoise
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/chromium/chromium/blob/HEAD/third_party/blink/public/platform/web_crypto_algorith
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/electron/electron/issues/18397.Module
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: Update.exe, 0000000A.00000000.1303554849.0000000000452000.00000002.00000001.01000000.00000007.sdmp, Update.exe, 0000000A.00000002.2243154286.0000000012951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/myuser/myrepo
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/31074
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35862
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33515.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.v8.produceCachev8.produceModuleCacheV8.CodeCacheSiz
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://github.com/w3c/webappsec-trusted-types/wiki/Trusted-Types-for-function-constructor
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/LdLk22
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/LdLk22Empty
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/LdLk22Failed
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/Y0ZkNV).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C24E000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/rStTGz
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/t5IS6M).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://goo.gl/yabPex
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://monitoring.url.loader.factory.invalid
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://monitoring.url.loader.factory.invalidPermissions
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://no-color.org/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://nodejs.org/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000000.2074063248.00007FF74C0B7000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000003.2201279366.0000399D0034A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v16.13.2/node-v16.13.2-headers.tar.gz
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000003.2201279366.0000399D0034A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v16.13.2/node-v16.13.2.tar.gz
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://nodejs.org/download/release/v16.13.2/node-v16.13.2.tar.gzhttps://nodejs.org/download/release
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000F.00000003.2201279366.0000399D0034A000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v16.13.2/win-x64/node.lib
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://odvr.nic.cz/doh
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://odvr.nic.cz/dohodvr.nic.cz185.43.135.1193.17.47.12001:148f:fffe::12001:148f:ffff::1
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://perfetto.dev/docs/contributing/getting-started#community).No
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: Update.exe, 0000000A.00000002.2156780159.00000000029F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3492)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5280#section-4.2.1.13
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5280#section-5.2.7.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6960
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url-serializing
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#direct-individualization.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-identifier)
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://w3c.github.io/encrypted-media/#distinctive-permanent-
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://webrtc.org/web-apis/chrome/unified-plan/.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/%s
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5082396709879808
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5148698084376576
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5629582019395584.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5654791610957824
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5667793157488640
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5669008342777856
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648Renderer.Font.PrimaryFont.FCPRenderer.Font.Prim
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5742188281462784.CancelDeferredNavigationWillFailRequestDidComm
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5745543795965952blinkAddEventListenerAdded
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5749447073988608Added
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5851021045661696.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromestatus.com/feature/5851021045661696.The
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals../../content/browser/prerender/prerender_commit
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.chromium.org/blink/origin-trials/portals.The
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.google.com/speech-api/full-duplex/v1
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.google.com/speech-api/full-duplex/v1key=pair=output=pb/down?speech_recognition_downstrea
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocatemacAddresssignalStrengthsignalToNoiseRatiowifiAcc
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com/spelling/v%d/spelling/check?key=%s
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.googleapis.com/spelling/v%d/spelling/check?key=%serrorspellingCheckResponse.misspellings
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/a/google.com/origins.json
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/origins.json
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B720000.00000002.00000001.01000000.00000010.sdmp, criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.gstatic.com/securitykey/origins.jsonhttps://www.gstatic.com/securitykey/a/google.com/ori
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.nic.cz/odvr/
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.nic.cz/odvr/CZ.NIC
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: https://xhr.spec.whatwg.org/.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60619
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60618
Source: unknown	Network traffic detected: HTTP traffic on port 60618 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60620
Source: unknown	Network traffic detected: HTTP traffic on port 60619 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60620 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60621 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60621

Installs a raw input device (often for capturing keystrokes)

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp

Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE

memstr_1f3d34f9-e

Abnormal high CPU Usage

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Process Stats: CPU usage > 24%

PE file contains executable resources (Code or Archives)

Source: installcriptocns.exe

Static PE information: Resource name: DATA type: Zip archive data, at least v2.0 to extract, compression method=deflate

PE file contains more sections than normal

Source: criptocns.exe.10.dr

Static PE information: Number of sections : 13 > 10

Sample file is different than original file name gathered from version info

Source: installcriptocns.exe, 00000005.00000003.1303053946.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUpdate.exe2 vs installcriptocns.exe
Source: installcriptocns.exe, 00000005.00000003.1303053946.0000000005CDF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUpdate.exe2 vs installcriptocns.exe

Uses 32bit PE files

Source: installcriptocns.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus30.troj.winEXE@96/209@1/1

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\CriptoCNS

Jump to behavior

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6740:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2132:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3132:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5444:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5696:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3964:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1996:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3956:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:528:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2576:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5148:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6208:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4880:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6556:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4824:120:WilError_03

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\Temp\.squirrel-lock-80FE40C371EE331E8AAC12FD0CE045EE05CB9C25

Jump to behavior

Source: installcriptocns.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\installcriptocns.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: criptocns.exe, 0000000F.00000000.2074063248.00007FF74C359000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE cookies(creation_utc INTEGER NOT NULL,host_key TEXT NOT NULL,top_frame_site_key TEXT NOT NULL,name TEXT NOT NULL,value TEXT NOT NULL,encrypted_value BLOB NOT NULL,path TEXT NOT NULL,expires_utc INTEGER NOT NULL,is_secure INTEGER NOT NULL,is_httponly INTEGER NOT NULL,last_access_utc INTEGER NOT NULL,has_expires INTEGER NOT NULL,is_persistent INTEGER NOT NULL,priority INTEGER NOT NULL,samesite INTEGER NOT NULL,source_scheme INTEGER NOT NULL,source_port INTEGER NOT NULL,is_same_party INTEGER NOT NULL);
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);

Source: unknown	Process created: C:\Users\user\Desktop\installcriptocns.exe "C:\Users\user\Desktop\installcriptocns.exe"
Source: unknown	Process created: C:\Users\user\Desktop\installcriptocns.exe "C:\Users\user\Desktop\installcriptocns.exe" --rerunningWithoutUAC
Source: C:\Users\user\Desktop\installcriptocns.exe	Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-install 1.1.1
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-firstrun
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"C:\\Users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxSize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxAge\":1800,\"trustedOrigins\":{\"warning\":true,\"origins\":[]}}" --service=CriptoCNS
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash kdialog 2>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "kdialog"' 2>&1>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash zenity 2>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "zenity"' 2>&1>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --app-user-model-id=com.squirrel.CriptoCNS.criptocns --app-path="C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash yad 2>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "yad"' 2>&1>/dev/null"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad.exe
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad.exe
Source: C:\Users\user\Desktop\installcriptocns.exe	Process created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe "C:\Users\user\AppData\Local\SquirrelTemp\Update.exe" --install . --rerunningWithoutUAC	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-install 1.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-firstrun	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"C:\\Users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxSize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxAge\":1800,\"trustedOrigins\":{\"warning\":true,\"origins\":[]}}" --service=CriptoCNS	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --app-user-model-id=com.squirrel.CriptoCNS.criptocns --app-path="C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash kdialog 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "kdialog"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash zenity 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "zenity"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash yad 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "yad"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad.exe

Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\installcriptocns.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: msctfui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: d3dcompiler_47.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kbdus.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mscms.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: coloradapterclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msspellcheckingfacility.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mf.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msmpeg2vdec.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mfperfhelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dxva2.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msvproc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll
Source: C:\Windows\System32\where.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\installcriptocns.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CriptoCNS

Jump to behavior

Source: installcriptocns.exe

Static file information: File size 87736320 > 1048576

Source: installcriptocns.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x5381200

Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: installcriptocns.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: installcriptocns.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: installcriptocns.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: System.pdbF source: Update.exe, 0000000A.00000002.2299747007.0000000022093000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: netstandard.pdb.mdb source: Update.exe, 0000000A.00000000.1303554849.0000000000452000.00000002.00000001.01000000.00000007.sdmp, Update.exe, 0000000A.00000002.2254208604.000000001B6D0000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 0000000A.00000002.2243154286.0000000012951000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb source: Update.exe, 0000000A.00000002.2301545150.00000000220A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.pdb source: Update.exe, 0000000A.00000002.2301545150.00000000220A7000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: Update.exe, 0000000A.00000002.2294425478.0000000021B86000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: electron.exe.pdb source: criptocns.exe, 0000000F.00000000.2074063248.00007FF74C359000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: C:\Users\ani\code\squirrel\squirrel.windows\build\Release\Win32\Setup.pdb source: installcriptocns.exe, 00000000.00000000.1176549095.000000000057F000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: Update.exe, 0000000A.00000002.2295336873.0000000021BC3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: Update.exe, 0000000A.00000002.2286850282.000000001FE4F000.00000004.00000020.00020000.00000000.sdmp, Update.exe, 0000000A.00000002.2299747007.0000000022093000.00000004.00000020.00020000.00000000.sdmp

Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: installcriptocns.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Binary contains a suspicious time stamp

Source: d3dcompiler_47.dll.10.dr

Static PE information: 0xF3329C94 [Sat Apr 18 07:26:12 2099 UTC]

PE file contains sections with non-standard names

Source: criptocns.exe.10.dr	Static PE information: section name: .00cfg
Source: criptocns.exe.10.dr	Static PE information: section name: .retplne
Source: criptocns.exe.10.dr	Static PE information: section name: .rodata
Source: criptocns.exe.10.dr	Static PE information: section name: CPADinfo
Source: criptocns.exe.10.dr	Static PE information: section name: _RDATA
Source: criptocns.exe.10.dr	Static PE information: section name: malloc_h
Source: ffmpeg.dll.10.dr	Static PE information: section name: .00cfg
Source: ffmpeg.dll.10.dr	Static PE information: section name: _RDATA
Source: libEGL.dll.10.dr	Static PE information: section name: .00cfg
Source: libEGL.dll.10.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll.10.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll.10.dr	Static PE information: section name: _RDATA
Source: libEGL.dll0.10.dr	Static PE information: section name: .00cfg
Source: libEGL.dll0.10.dr	Static PE information: section name: _RDATA
Source: libGLESv2.dll0.10.dr	Static PE information: section name: .00cfg
Source: libGLESv2.dll0.10.dr	Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.10.dr	Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.10.dr	Static PE information: section name: _RDATA
Source: vulkan-1.dll.10.dr	Static PE information: section name: .00cfg
Source: vulkan-1.dll.10.dr	Static PE information: section name: _RDATA
Source: hamahiri-native.node.10.dr	Static PE information: section name: _RDATA
Source: lock-native.node.10.dr	Static PE information: section name: _RDATA

Drops PE files

Source: C:\Users\user\Desktop\installcriptocns.exe	File created: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\Update.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hamahiri-native.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\criptocns.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libEGL.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hamahiri-native.node			Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	File created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node			Jump to dropped file

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

File created: C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\where.exe	Process information set: NOOPENFILEERRORBOX

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Memory allocated: D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Memory allocated: 1A930000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Memory allocated: AB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Memory allocated: 1A850000 memory reserve \| memory write watch	Jump to behavior

Contains long sleeps (>= 3 min)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Window / User API: threadDelayed 9339	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Window / User API: threadDelayed 453	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Window / User API: threadDelayed 490	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vk_swiftshader.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vulkan-1.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hamahiri-native.node	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\criptocns.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libGLESv2.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe TID: 7004	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe TID: 5208	Thread sleep count: 490 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe TID: 6588	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Queries keyboard layouts

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809			Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File Volume queried: C:\Users\user\AppData\Roaming\criptocns\Code Cache\wasm FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File Volume queried: C:\Users\user\AppData\Roaming\criptocns\Code Cache\js FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File Volume queried: C:\Users\user\AppData\Roaming\criptocns\blob_storage\99c2638c-ca1f-4b1f-9001-5d6684703d74 FullSizeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File Volume queried: C:\Users\user\AppData\Roaming\criptocns\Cache\Cache_Data FullSizeInformation

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local\CriptoCNS	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware Virtual Webcam
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMnet
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware, Inc.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware Inc.
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: eb1a:2860eb1a:28201ce6:282012ab:03801943:22530c45:64d00c45:64d21bcf:298504ca:704704ca:704804f2:b3ed04f2:b3ca05c8:035d05c8:036904ca:709513d3:52570bda:57f20fd9:0066VMware Virtual WebcamMedia.VideoCapture.BlacklistedDeviceGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCam../../media/capture/video/video_capture_metrics.ccDevice supports Media.VideoCapture.Device.SupportedPixelFormatMedia.VideoCapture.Device.SupportedResolution
Source: criptocns.exe, 0000000F.00000002.2659980788.000002306824E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: criptocns.exe, 0000000F.00000002.2659980788.000002306824E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWO&h0
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: Gearway Electronics (Dong Guan) Co., Ltd.VMware Inc.Olimex Ltd.
Source: criptocns.exe, 0000000F.00000002.2659980788.000002306824E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWws\System32\en-US\wshqos.dll.mui
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: Qemu Audio Device
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: Update.exe, 0000000A.00000002.2283567664.000000001FE30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: VMware can crash with older drivers and WebGL content
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B964000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: Access-Control-Allow-Credentials: trueNet.RedirectChainLengthurl_chainload_state_paramdelegate_blocked_byhas_uploadis_pendingDelegateNet.URLRequest.ReferrerPolicyForRequest.SameOriginNet.URLRequest.ReferrerHasInformativePath.SameOriginNet.URLRequest.ReferrerPolicyForRequest.CrossOriginNet.URLRequest.ReferrerHasInformativePath.CrossOrigin../../net/url_request/url_request_job.ccOnDonenum_failuresrelease_after_msThrottling.RequestThrottled../../net/base/network_interfaces_win.ccWlanApiwlanapi.dllWlanQueryInterfaceWlanSetInterfaceVMnetGetAdaptersAddresses failed: 8Q

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Memory allocated: page read and write | page guard

Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\Squirrel.exe" --updateSelf=C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-install 1.1.1	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --squirrel-firstrun	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"C:\\Users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxSize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxAge\":1800,\"trustedOrigins\":{\"warning\":true,\"origins\":[]}}" --service=CriptoCNS	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\criptocns" --app-user-model-id=com.squirrel.CriptoCNS.criptocns --app-path="C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash kdialog 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "kdialog"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where kdialog.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe kdialog.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash zenity 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "zenity"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe zenity.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "hash yad 2>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "osascript -e 'id of application "yad"' 2>&1>/dev/null"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where yad.exe"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad"
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "where.exe yad.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where kdialog.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe kdialog.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where zenity.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe zenity.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where yad.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\where.exe where.exe yad.exe

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\criptocns" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe c:\users\user\appdata\local\criptocns\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"c:\\users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxsize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxage\":1800,\"trustedorigins\":{\"warning\":true,\"origins\":[]}}" --service=criptocns
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\criptocns" --app-user-model-id=com.squirrel.criptocns.criptocns --app-path="c:\users\user\appdata\local\criptocns\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:1
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\criptocns" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1568 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe c:\users\user\appdata\local\criptocns\app-1.1.1\resources\app\appservice/service.js "--log={\"path\":\"c:\\users\\user\\.criptocns\",\"fname\":\"criptocns-n.log\",\"maxsize\":2048,\"rotate\":5,\"level\":1}" "--server={\"port\":9171,\"maxage\":1800,\"trustedorigins\":{\"warning\":true,\"origins\":[]}}" --service=criptocns	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\criptocns" --mojo-platform-channel-handle=2012 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Process created: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe "c:\users\user\appdata\local\criptocns\app-1.1.1\criptocns.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\criptocns" --app-user-model-id=com.squirrel.criptocns.criptocns --app-path="c:\users\user\appdata\local\criptocns\app-1.1.1\resources\app" --no-sandbox --no-zygote --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --launch-time-ticks=4564869468 --mojo-platform-channel-handle=2308 --field-trial-handle=1656,i,17898378316754652978,529011506488449579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:1	Jump to behavior

Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74B096000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: ../../electron/shell/browser/ui/views/electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd
Source: criptocns.exe, 0000000C.00000000.1968329647.00007FF74BC78000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: ?@../../third_party/webrtc/modules/desktop_capture/win/cursor.ccCreateMouseCursorFromHCursorUnable to get cursor icon info. Error = Unable to get bitmap info. Error = Unable to get bitmap bits. Error = DwmIsCompositionEnabledDwmGetWindowAttribute../../third_party/webrtc/modules/desktop_capture/win/window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progman

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

ID:	1531119
Product:	CloudBasic
Start time:	21:35:14
Start date:	10.10.2024
Sample:	installcriptocns.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	100bea48a4b460d6ece41e5d2e4606ff
SHA1:	82baeb342027198331c05f5cd20fb5b9f27591b9
SHA256:	e756c94d07706aab45372a01e07c642ab4a8c1f011bd5895c1df6569c64740e2
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\CriptoCNS\Update.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	6FCBE10724D6C767002A845C0BBE1139	18B57D7646DEB32B5681934E2921E98F55818246	28A913DB4008030DE78F2E5C04A27BC81DBA0C4147248B95078AD1ACA2D1AC9D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\LICENSE	ASCII text	4D42118D35941E0F664DDDBD83F633C5	2B21EC5F20FE961D15F2B58EFB1368E66D202E5C	5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\Squirrel-UpdateSelf.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	266E99F71F9F7B2084216DB4FB8C8848	DA6A9E3A98D06088CB917E1C9E26A940F3F72077	7EC4F86AABE2123FEE09EB9464DBA2877C45270725A1DEF4D6E0B23AAB896721
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\chrome_100_percent.pak	data	237CA1BE894F5E09FD1CCB934229C33B	F0DFCF6DB1481315054EFB690DF282FFE53E9FA1	F14362449E2A7C940C095EDA9C41AAD5F1E0B1A1B21D1DC911558291C0C36DD2
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\chrome_200_percent.pak	data	7059AF03603F93898F66981FEB737064	668E41A728D2295A455E5E0F0A8D2FEE1781C538	04D699CFC36565FA9C06206BA1C0C51474612C8FE481C6FD1807197DC70661E6
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	PE32+ executable (GUI) x86-64, for MS Windows	EAB112A35B65CA5236B6CFD227875F1F	0A11C97DD3677CF4581A1C470FE59EAD18B84146	BDCA095F79B5934EBD27ACCD6431D77269BA9A1DB5E1213B89FC1EEABFB9668E
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\d3dcompiler_47.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	7641E39B7DA4077084D2AFE7C31032E0	2256644F69435FF2FEE76DEB04D918083960D1EB	44422E6936DC72B7AC5ED16BB8BCAE164B7554513E52EFB66A3E942CEC328A47
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\ffmpeg.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	B4AB376B47A1A55E929CAB51C3EF8787	724380C8D7C6ED42EFF119C69885D2B771773B5D	239F8596BEBCD7E1E7718B642AFAEA8329D68E64EC0FAD8BB34191530204040B
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\icudtl.dat	data	D866D68E4A3EAE8CDBFD5FC7A9967D20	42A5033597E4BE36CCFA16D19890049BA0E25A56	C61704CC9CF5797BF32301A2B3312158AF3FE86EADC913D937031CF594760C2D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libEGL.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	317D11009F0D8752F06BFB6C97B4A2C6	3784C0CDEC8C863D52726153A21D0DDEE31C9451	9807AA4D933B8FCDD3BA8192A0913C10537762B23AE100C71EAE71CF42956B83
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\libGLESv2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	4070DA0AD4EC4DDCADF4C49FEBB53371	384FD740D21B680DEBD20C46E223C1773325B0F6	C8A97EFCCB61946E0050DA0E2702EFF98E6BDE5F79B8FE674671E7ECC38BC6D0
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\am.pak	data	A837FBA4DFB4D4CD4AEE335A1F4283F9	C1E18297525D3148B322B344943B786D03BCDC85	FFC9F94021D749028DB9BCFA7B459CB12F0EAFBB0E6C1075384F6E9FAF6A4E08
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ar.pak	data	9B610C0107724603B19893C4CCC551A0	37D987196C640861B336628D67E22EF283115E7D	F9D96AF7D5EF9E0B4F4EF133A98A64B4398C7AEF04E20688B523E6EA27C61F15
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\bg.pak	data	B31D30DC4C35C73B24FF99FCA4DF2B09	218DA4F9F6749F4F38D46C6A784164C2FE6E3C77	B035D2D6C7F9465D5004FF4C57A986D7B97F117475280C04547AAE7B6C061345
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\bn.pak	data	ECFF6F8DC301B6B435DF5E44C2AE8A2A	6FDFA4136F3BB5CCD9E4E7B4706DB98F17F85C1B	3250ADECE302934B9A78569D72CA70E596D91865455D5274CCF8D651CCAC5350
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ca.pak	data	31A034D89075C0660F25D693CB759A36	DDBFDB8523F4093797877EA6D587D0B30B8C0D95	BA258EAF322BD3C4F473F82249DF55E6F5BD55B81D69E98C0AFC43127A6B6CE5
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\cs.pak	data	C64366988F8D46B6912F2D6BE0120B1A	3A33FE58CA30F41EA341CC9B9413A6CBDD6A1E4B	30FD14794EE1088D37387F42E5D366F962FA9273EBA8CCDD9B950646D2DD6172
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\da.pak	data	9FB8A421CAF18588B494C3F34D8764C6	201AC33074C76830893197AB9382EC84553F1794	0997BE868557F97F013242C066B192E574B4FA553D13F37F97A1DE714B95A858
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\de.pak	data	A4D8EECEC2747FFB12551AB8E93FAFDF	59AA4C3A7179C46C7699D0D918DD92722A614DEF	D67F95E2982E7DEBF67741B88CE054F5BB8356021A280E092227B77EC82E298F
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\el.pak	data	75FB5812110AF60093AD07BF9BCDE58C	6ECD390D353C1100F0EEB35941924704006F9440	B5E08B47B4FB44D43C775BBCA7E0A311D7A2C976E17F3F0F67C5FECCDE1A9BAB
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\en-GB.pak	data	998947B55A25776181CC11110902F6D7	A93272EB26EB9977833FB809DF593759F2533570	FCBCDFB71363750A9E404A365A00F196C9ED4FE149532580F149811475B45636
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\en-US.pak	data	5CC884BF0EC1C702240173B35A421D1B	19BDFB0B31DC4A75E7C135D1A8EF76F5F6CC3A31	9F0C75C84381360677055D6197812C7A6C42DBFC6134EB8212D8A60ED1CA1601
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\es-419.pak	data	10B1D1097987EA050A5791ECEB5EABDA	C0812FBC16592A39CD1600196E62D0000B22BD73	04B24396CC017E1DBB0BCA7371D7CAE10CAD2350DA661A8A035B572AA76CBD49
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\es.pak	data	D31E3F8F5CA7069AF16E7FF45D98C198	FB1C23B5C692FBFCCA83118EF813BB1860402C8E	EF3357C8B1905EC95A8298DBAB05BD9678BDFBDADD92D75C9BC9A014917667FD
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\et.pak	data	52CF907E12F656DFF9CCFE845C22158E	4D4DE85D8856EED106ABFA7E2654B2A0BA808392	862905E325A73C4581C346BD61031FFB1D6E8A9E50A8D632150FF3CB41C1B435
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\fa.pak	data	28FD9EF045BF0FAD9F69D8B2AB81D64B	0F14F0B2BA89BBD848DED10778C989300D964BA8	C2554EBCB884A9132AEF2470F9EED4EFFD948105BC14CBE533EC80EEEFB4C732
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\fi.pak	data	DD7E21B02BDCED910A171D592FAE0B18	CC28F1B8F0B06E71DAC3802EE26F644837982FA5	9E1C20ECDBE9D15386ED493D0AC839612CC91A2284D5A97D9DC38EA2C90A3DC1
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\fil.pak	data	9F3A970C8FED49AC50BDDBF09DD9A950	E8B986D42D4A79C513BF2DA3D3314FBF55A2A960	7A4C4822516F47CDBABC4B9EF45B710B057A056BC29D3A4A270A22E963E257D3
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\fr.pak	data	0CBA0D676020D185AF51D34C5B1BBA1E	4A7122E07675E6FD49F9BF09C4AE8CD0270710A1	57C932480AEA085A9D4DD207455C550DA4B90BF4BB8D86252A85534D21C9706D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\gu.pak	data	45943AE45049D9B7D76068D3721D6C8F	0BC3F9B24F0C8CA0078AC7780A21F623B8D7F9E6	AA885CBBF8A13FB95405CC3DCA6677545FD51E303A65897D14ED019955C040DA
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\he.pak	data	4C9C9DF23462B77D8573C641D9590FE6	46E8ACCD323E9297A5C22DCB9448EE4D2BE888A8	B6B409246DA3AD5041D5BEB42755FC7B971A94664C736C6C68CB4615100ED81D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\hi.pak	data	6924F9122A4F7BD85F5418FF0F1150DB	587FE9CBFBBD22D5AB91A37258F230F57C49CBFA	C2C913C5D8BC322A8095DFB71D8F1C1C53B93F0EFC28C5BF8EB6941613944661
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\hr.pak	data	98B53FCDC13E90C0D3E0F76A5E5297FB	42F45E2ED048CA3388ADA6D476086C942E070E95	8DFCA22A074A0C465B564B8DBB5B7823EE9E783A5ED9D0B9AD07826EA58F31B4
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\hu.pak	data	873CA729BBFEAB336795E1696289B191	BEF9CC201BCA2D433E2DC183C96425A542BC3F01	D7C29C66D265129EDE1019C708BD0A358D6B820366509845834752EC2EF705DA
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\id.pak	data	11A4F531767A09ED609ECE9B4EC665AC	58D625C5FBFEDD2309E667690EF1E4C58502F2F7	3D2F9874A2FB003961C4080BB20C2318EFA6C4EB6A2276BA1460202B14649F86
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\it.pak	data	D4885EA1E0ADBA90CE1E7FF77A65E00E	55DEA32AE0736D39F66B56364967AAD2218EFB9C	C3975141F7FA00EE1C91A753C7AE4F61AA451CE2F35447BE452DBE347753BEFD
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ja.pak	data	8D2F2BBED6E65CCBFC5F9E3D981545B8	0B0526FE4EC0C6C289AEBEEF1C93AC38FCECDD95	8D74251C0D41A8C43A5C1212B6873DED02FD9BCFB4A798D7D9E4CF8CEC551E02
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\kn.pak	data	33BC5AC34A95379D58F9C42CB21A92E4	0F4EF0A9A40E9042F3B744B5B87FCF00C08FD7E1	99C8C57A808C63088D3E7B83DCF7CF80FB2A648D678A7C9473F2B5CC0BEF8152
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ko.pak	data	7FF011AE4E5FFD05736F99888AE9A8CB	544BF65AB5FE462FAADCDA88E2E5DB0009169123	5BA83651D941CB9F87B961F735D5BFB0E249878255129BE1D8E8D6BA5D903D76
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\lt.pak	data	90847DC4F0387C80DD00BAD7B001A879	B7543FA3A3185201EACB2CBEB1F6EF667CCA10B1	FB5BB8AA591D3D8D7557FB296317C30DB3C4D5C9F438FE0A43A94B974B9286A1
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\lv.pak	data	7156756799915C2E958BBA054326AAF0	3E51AE1FDA7ECCD09EA5E71FAE73723DA040E954	47B07B816F8553A731386A07CB40072FE977B396688968B4C92801DDCB408978
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ml.pak	data	6183544A4F554D40A211C8E0376C95AA	A9E855BBD03CFEB96DAE4C52E6A577B9F0374184	2B5C12D6628B1835D5658085C04F9DCF0D792DB603A034264E70D86F8D43E044
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\mr.pak	data	80B49D820F83133B9EFB9AC2CA102C83	6E2D370C74891BEF70768F051E4BA0483D6B5C1E	DF72EACF4938F4912F5BAE563DBE7E81A758A7E8FFD49F14502F6D0B5DAB6F27
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ms.pak	data	E63159C383E4715EE4A745FAEE76B62A	B999005870D7D10E3200CC7A1DDDE23226F9A86E	3F06B53DA567E379380C0F6AEEE3121437EB02AAC2B4214EED9A19C5C327E9C2
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\nb.pak	data	050FC84B6A0D1BE8051B154660B8AED3	915DBEB0486FEA638040FB8E83DC99BA3FE45F12	4831EA26EF1AE71C969FE2A1BCE2CE9A2B800FA29E82E32663376A7E6A5E076D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\nl.pak	data	8626ED5522AF3CFBE65D302156A7D6D6	D583A6835A12B53ACD387D23845D2B3FE72E2E62	07FC91C4CED0BCFD2DADD344BE28D0A81716EBA95B2819BBF130CA48097D1D39
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\pl.pak	data	999ED3F4123A1479D43AB2DC9028EDE9	346A3C515D01929A4FE3B33C42A3AAD5FE731843	4174B220824334D04BAD161309D342A647433FAE7C353432E34EAF49EC8787CB
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\pt-BR.pak	data	65FBFCAFAD1CF908BFD42F792BB56029	CDA161A3A9E03BEF82C0BAE31B9811FB46B9D2DB	1F8BCADD33F40CBAAF5E0ED8B07CF595F9FF9010B92588DD3D36EA49DD413908
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\pt-PT.pak	data	E363AC85EE33AEC04B55BE519D5B9F60	D57DB1CC6B2E4B5CED740EE8F17E8284C8584A15	1E0ADBA42A53298ADB6073233122B9144B13A0055C0C63970EACE4DB0855064E
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ro.pak	data	7DEC35BF49CAD002646CBFF12E61FF37	8F61511836CB693A9F4278FE9654C7C7993C6191	62A870BB0C87655F26D188127A7B1073437996A39DD1A9857FE4DA1860C34015
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ru.pak	data	C3890B4D2C6EE62CEA86129DF41363E4	7AEFA870A31810683EA186AAE4208E827A4379C9	0D6802FA9C81A80D224DE4B5AF65BF6B9D2B13A94BAA5BB379652EC16319E91A
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\sk.pak	data	0B9599388DEC973FFEC68A5738A848F4	0A0AAF4F9618CF867A1BF1E5BC6B8B21B46C4870	E7038A23BE62E4A476960B935A6C528AAEFB781B28FDB7E24B3D830B5C02F10E
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\sl.pak	data	3BF6C4AA2129B4B535637AA6727FB1E9	569BCFAB7176BB9833A02B5853BBBEB3165538CC	CBFF2DBB38D4D95FE7C811E0ABDB0B92AAD621E5C2C1EEDA3C394DCE5CF1D34F
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\sr.pak	data	45C129A8DAAEC7088A0E20ABFDD2CD56	8A13B5BBDA53734F1E75994C3F02999E78DD9234	E7B55C695F05FBCEE245C59A15A5931A01BC856940FE9515CA46C69E9E651FA8
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\sv.pak	data	A9031AE889358220271C46D592D4D246	50EEB2F03FECEAD7AED72FAFF7DCAC8CDD1F68DB	0A2EDB7741AEA00443F4B858BE554FC36F11BCB987DA6D8B8B222AE311F7FAD4
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\sw.pak	data	CFA997625093F73C9711CA91414E1295	A05D123C9C3585049DF29226C877A5FBD36FB6A1	EF1C968BBD2D0723CDD0AAEA79ACC9A98D38FD6230EA9D1E201748F449E15833
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\ta.pak	data	AFBB6F8A11ECB993E73A530E2682848C	950D0FA6CD4338084B5FFA72EB49F79B07830466	3D16A99568173AD5760BF195B047C8850E39EC8D308A94F6C81CF7BA733F6F5F
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\te.pak	data	DD4A5654C4D436E05886A8D3AE344569	5DDC1DCD327AC71DC097A553E3307D4B555184A2	437983BF251B4EEC807CB2B92E80EB523A2DECEAC704E0FC70AF2E5C355B5370
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\th.pak	data	F0A3CE8609D1CEA58D4D0DFC47D433F9	9F0497E31AC881960C2B9CE3F75FAC98D6EE300B	31F31B2985C2AB430D373DD3D79821DB0674EDEE163B4AE74DC362051CCC1491
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\tr.pak	data	129A9DA61F582452F5F8D67E434054E9	BB13C33A138B7C765D5984673890CE7EEA8CC30E	C7A47A79A066DB6DF676BD64E58EBD60A0F9270D2F673F2297DBE194E66BB2AB
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\uk.pak	data	6027526062E6F51A7C99FEEBC9AE1947	10D7346A8D6A4DADB48BF7720303EF39F76A564A	5DDF9212CBC6696941547B2E57B02092517BFF6E70529F2EE14D0F593610E14F
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\vi.pak	data	22DBFAF98AAEE6F87AA12F08E70FE533	136BB84327D4BF20824E07C938F5CCB5751A359A	2879D8E94CC5904B19F4429AE48B9F4EEF0C8D6F180740206C7EEBE494CDE042
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\zh-CN.pak	data	B2E2087F9C688DC3EC45A55742BEDB6A	8EFD0726B46FC67CDA9FDC9989C707C23C7B031C	2B255293F6C85ABB09162C825AEA120C3E695156EB952D26D1E5F505BA324B37
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\locales\zh-TW.pak	data	D144343133C4CEE52055F69B17DED754	DB62999A7293BA6CE1259C257FC6EF4E37EFFA9C	8A1968983374DD9FA3EDEA38B45C1C5767CE7CD29610E3C30C176D2016AAC9A9
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources.pak	data	39933B34AAC7271DB1BE82D4BD9F50E6	959B95DE58C4B362E6695130545DE86A08AE7B62	38BB20864E6BF51708CAF55A886E79070ADB416A55E8FB3AB7901E8A03CD1AD7
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\ask.js	Unicode text, UTF-8 text, with CRLF line terminators	8E2603342B10A2B1980578DCEB3DA8AC	0DDDEAF67A8FB6E1CF7B583DDB84335FD330C335	4DBA2ACBEABF743D92051E456A5CD368563B996AE04411A29E4811F4EBD05758
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\config.js	C++ source, Unicode text, UTF-8 text, with CRLF line terminators	E0C3BA68CDCF816A2E0EED05A25EA77B	0025B9A61308C7826CF1723F46FE88B5E9249D60	1FB13716A371E904F9FDF7873935D1BF6D79EB3C890C94F29D3CCB9FDAE2F253
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\distribution.json	JSON data	D8C062A08BD3A7D8EA823E606416645C	A12C5175716304EE6CEEE46B5BA00876E6C664D0	83417E7A39CA3F298F950F89B09350AD03ECCA0F087A06D609BFA30EB7C0F2EF
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\main.js	Unicode text, UTF-8 text, with CRLF line terminators	6489E07F40D8E6FB350AB00CBD067705	27DC154B5096860491478B57A7E9D7C85127A111	7F19133A9D8D3013290ACA93EF0A798F44E426AA4EAA7186AF639386C8014F31
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\module.js	C++ source, Unicode text, UTF-8 text, with CRLF line terminators	E6D0BBCA00C1CDBA61512006FBDA265A	3967A40E97C80E904E1EC49FEEA589D0E7DF9E24	81F873CA8EBD478DC01C33D1F8EEFF94C70075B32643AE4CDDDD038CB0018732
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\options.js	Unicode text, UTF-8 text, with very long lines (477), with CRLF line terminators	CCA576A143B774C5E07180B5D4EBD6CD	E84F2A46F6D9797DCEC5F0F35C4785DF587D0190	341F16CD158FAAB171FC47E33923F53EA1EB6340ECF3B0CBBDC7054FCEA6AEBC
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\res\ask.html	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	93ABD61115EBFF128FF57C0A63ED69A4	8B74FCE82467AE0ACCAE6A77E70259C5671738A4	B478ED377B7DC0A30DBC7041AD59B261F814E2AE6C589F544D5498561EE6DC87
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\res\defender.png	PNG image data, 521 x 373, 8-bit/color RGBA, non-interlaced	30E4B3D055D278E06DEE669C14A29555	0E24FF7372E16077BF5A9866E6645D1954CE97B5	4D65712DFF8F45BAAC30DAB5A959FDBB2BD704CC579435BB62D2C948121DF04F
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\res\help.html	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	6E4367001B83C51EFF6AD81E6F61CA28	07E3003A6C88406D86061101A1D341F45AA859E6	9CC5AF896234E25F425A938EEE1EDF5A8515D2040BA2217E5E5AE3DB964B4B0A
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\res\options.html	XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators	B29F6C174450A49D52223BF455ACF91F	D3776D67C6E7416D96E9D7F439652AC2C224F427	CE7EAB447AB96F1F544FA88BD844114B43B537AE6F1416D2193261D1A8ECCE2B
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\res\origens.png	PNG image data, 784 x 470, 8-bit/color RGB, non-interlaced	1C191519AFD287E30CFE0CAC7F451915	C6A02C9E60DF1622357BE4E562D4F2B1ED53FEA2	70C9F7D39AAB5F6C56ECD112F1D7FE3D8C3F46ADDFC7993712E8C7627B67B977
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\res\signature-32x32.ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	485DDC69B5B9CE121543C032E0CE8FB1	47CC6076E1B5AE4A5A7022FA35772794CD12D876	DD31809BD70C649B8F7B43917BEA0EFA3683408D69314297D782DCD744C57D75
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\res\system-tray.png	PNG image data, 340 x 100, 8-bit/color RGBA, non-interlaced	34994C9C40240235C3E15BF6273CA924	512DC4FC09CC6E2DB9C6364BD2CA88C7C51BDB7F	E03E5DBEC899A2864F97509C99FE3E6B41C1744294D37225A08434A750E23880
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\res\w3pro.css	ASCII text, with CRLF line terminators	761EF5317FFB07EE8F0D87E82B223B05	74E676980E17BB9A89A342425190C0216E16C095	F995F439838C0E107CBD7FB1B4AAC1BEB4F3BB719B1279EDF0193F301BFD9F24
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\service.js	Unicode text, UTF-8 text, with CRLF line terminators	8D648C00FDAE3535A1571B6281D8FF61	6059A0E5BF2779939E27F4D3FF84E8B41CA0AD13	AF358D26002BBD55954A7545DAA67F8F02106FFDC9493A0B566FDCEC2E004DFF
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\aroari.js	Unicode text, UTF-8 text, with CRLF line terminators	DE2D832D7E2570A0FD69A000F6FC291B	85361260820226946DCC1B0369F880E7497C6013	756661344353624177D73E8D7A52951451205214431404A9F8F30D3DC07B10BB
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hamahiri-native.node	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	EF1886E54816226B9048E64F63F09538	02AED4F1279CD3BE1A664F872BD8086C0D39D169	739E16AEF535E67018012DF41C081A93E709F01C34ABADC83631188D6271A38E
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hamahiri.js	Unicode text, UTF-8 text, with CRLF line terminators	3BA2972AE779B44018680415FD1DB8F4	968741D0CEC4416E869DA1B8EC8AE82EF77AF259	CA405C54C25338B6ED6ABC9443E6838476B74C2F8213005ECE7523BE455C27E5
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hekura-schema.json	Unicode text, UTF-8 text, with very long lines (16573), with no line terminators	60EDAF2085CEEAFE9DA771C54E6D7D79	9C3D18468C45830D5B90B03BD7F301FB0008499B	DF078546F569E89F9080FE19065BF8EE6DB5A2A4EDD3EEFBA20DC270D340F937
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\hekura.js	Unicode text, UTF-8 text, with CRLF line terminators	C2C1C5C8E36AA67A4B902652AEC5E7CF	F9C4235373506198ED31757277848E7DEF94F987	A8C315655524933B310CBD3C8D63C2D2527E2C46F7F043FB1E9BCC10D93CE9DD
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node	PE32+ executable (DLL) (GUI) x86-64, for MS Windows	B9FC6C1F35F82D52B515AB1F79218F37	DCF9D10D6EC70393D0E946E8E9F1DA6AF27C8A08	E7322F52891E0C7619DF396B52B8F1B3288FC04534C19660DC9BC3504A222C3E
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock.js	C++ source, Unicode text, UTF-8 text	E61D3CDC1CA1E6B340C4C0816671D434	1F6CCE79802A9A89B4A7328295FEB86B67D074C0	6EEC9C028B6B4A029B49104A06EB98414A5D3AF50296A1F3726F81AAE9859ECA
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\options.js	Unicode text, UTF-8 text, with very long lines (479), with CRLF line terminators	66F43EBCB38335FDABC0D1ABBF8F67C8	8305942DFC7E4E5BB51EB85F847148B2EB6CE4A5	CBB1DB5012235FAAD39F2237A7B34DB41F33DB188CC50385217683C21EABE723
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\update.js	Unicode text, UTF-8 text, with CRLF line terminators	527EA7EB3691F6915E68FA5FE9D11DCB	CF478E69003F959686432D412F8E996682B1A9C5	45DED72309D51313C03E504F1877EAF0787F0B2A8102014E5B3BD4B38F80D24E
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\wanhamou.js	Unicode text, UTF-8 text, with CRLF line terminators	43FF1CF8DC95D60982F8DF7986667284	BE18FF64250ADAF5C6526BEC707A1BDB89E32F08	0B3D1DEB592AEFBA11BE90B79E5FDB360043CBE4AA152C749520F505C462B1B7
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\.editorconfig	ASCII text	A3F5DDC68F8FCB8C035B8B74F2BDA1BE	E109B259A61E0ACC51CF53EC8A666F0DAE714B61	1AB41350B2E11BEF57C30C88901CEEDB4B17E99657BB9C2A3D4F62329BF49DB1
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\.gitattributes	ASCII text	CD632201A5C62C3EE7A5B15FABC491AF	125B290F11E83463A85C9E92492EB85CE0E8CC55	C813DBDC8A5D173FAC4768A8FBC792EB6B6759B1E4A784F83B185AF3D4C5D145
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\.github\CONTRIBUTING.md	ASCII text	8BE9295BC256461C026888053E5D7B02	5F98C68DA9F9F085CCBFAC3800A6618CF144C18D	36AA1EF457E1D8FB080926B0DEA4A4A331C5B9C03ACA1ED509AA5F59C7D9BB85
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\.github\FUNDING.yml	ASCII text	7056F2DCB0BD0B0B934B3E3A3332459A	A8616B7D5D08F75E0B072E626C56F0E6E9016F18	518391898E1EA30E6B972141D722DA116E0B2EA834F86DCA071F94D6F24EE4C8
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\.github\ISSUE_TEMPLATE.md	ASCII text	663F6DAF8EFF00B135E72E9FEF927D48	A67B9C651DB4140A9380ACF04F9FF103241D0311	BB39204E443771D6A19C2B3593263CB421CE89600EBEB831719B921C0E39153D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\.github\PULL_REQUEST_TEMPLATE.md	ASCII text	1BFE5958549F06EA0228E18200117F57	CAA05A1E1944F5505F7F8146513658E9DE71FE31	D1D4A854008F11F2338FD9A9DB5FF2BA9199DC41CB640952E564D0D1BA90577D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\.github\workflows\test.yml	ASCII text	4B542210FF50317FAF3289FC1CCF4770	DBB049733F792CFCF1942537A064D38C0F2089AF	9F537C78CD2E968A28A56AEC7F361D0B5151E875D1AEC4F55081BAB3FDCC8897
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\LICENSE.md	Unicode text, UTF-8 text, with very long lines (460)	CDC8D054D1ED2FFDC90CAF857C2AAE4A	45B1AB6D36826167A6AD27B907A6C750311E6CEE	E1434846E5D4E30C300E84247D65704CCEE62D96E50AE44357905A25998C8DDD
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\README.md	ASCII text, with very long lines (303)	F19A6C484628ADD07D03AFAE3A0E164A	F1EC809DA80890D29CA3002A82EA6D7B3BEB7E54	0ECD28EEADD823323BBF49ACC423B5F29CD352AC927766B01EB50B98B9A20EE5
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\alert.d.ts	ASCII text	62363A26B4A55D7EB68F2BC5CFD56A1F	D9C4D669A13DCAD777427301A14A4F2366ED7DD5	258B2345AB79D75523E5F5E3BFF384C0462013F93561FC208493D4707ED6310B
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\cli.js	a /usr/bin/env node script, ASCII text executable	0B77A64460A4640AB07D0C8176A906FB	649B9F0F5FD647AFD689BBE3BEF7453640C0B0E9	0C70F14067AC18F74DE7CBDC86BDEE085D9D02C0C637162220F5229F0D3A6C61
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\index.js	ASCII text	1F83E3D6D767C6C6DBF30B5CCD036E7D	4FB898815FA2B77A2AA60A817BD0933EB458BD41	180C36A7628DEA51B8A56F8FB3DDC16B3C66C3FD353E74EC3EC24414351E87DC
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\msgbox.vbs	ASCII text	6ACBFCFACE76E6281A9EA35A555B020D	B6FB59BED8A9D4932E550647E965848C794DEBE7	B19A408B974A4E9BC7AF2CE7EA8135347CACA16F9C45A6AF43C6A895702F3B89
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\node.js	ASCII text	00C3663BA784AFEE40E9F30E6F680535	7745EB11FCBE9622133189DD56C9105D02DDC0AF	B67D00D6A97E57C01A614571516F4E0AC4156C21800491D43FE79D104068D3AC
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\package.json	JSON data	700C14CCF401F417B8EABF30D07C4215	C1A277DD4D6EA58CC003C7496D6AF4C0B5CA3C33	9BE921454F520ED400D329C1655963302E10542954A94C31E58802290D6AFEE2
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\asn1js\LICENSE	ASCII text	2B2129BA785A9443F9EC52612D794226	7B0C0BE7032A6AFC8C66730113FB933A430939CF	5622A98E6CEDA928562A697E3DB9BCBBF5870BFE5BCA468A355A122A8C5EF13A
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\asn1js\README.md	ASCII text, with very long lines (537)	F90105234DA799E1CBC668CAB218926C	4CACE9AB6F4A066DE41B28840747F552FE7ACCFC	7135EE37632D0188EF6B30644462D0D875F40A37F76F9DC014BEBCB70116614C
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\asn1js\build\asn1.js	C++ source, ASCII text, with very long lines (998)	14D9B067A7FC7045D7C3CA7D55CD346A	9BF36FA77A70774D8F2A48323A77084284385754	87474F453B128A2B9CAAD480A52FE85B5E2B158F89F8541476A4FB11D48B014C
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\asn1js\build\asn1.js.map	JSON data	65C8902F3A691E2E43EC3D81E951AC66	3E7C2E6C94DB3E4DC926F63174514419AC0FF5EB	A886976304313F086E9A42F0898242C80C0D0A9CC5E5EA64F8C1DE2DAC6CED50
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\asn1js\index.d.ts	ASCII text	C03E2CD05AE3FA07218F890BBFBA865D	BBA21A12EE0E6A91D8A71141D2BF9A7B801A5104	DAA693FB20D704B289BE911671B80E51CC98A073FED89D4E62D59A4822221353
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\asn1js\package.json	JSON data	EE318E65CF29F4AB2611F5697DCBF68C	47B4DDF83CBAFE697BA298E7E72C960277C0A6F3	969408E3CA8B12AD0EAB54792F1D39F94E274C266D4D47D1608434710E4BF471
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\asn1js\src\asn1.js	C++ source, ASCII text	7A97160B890824F33EB0EC6083AE7C0D	5519FC5ED6033D12EB6D59958816EDEBC48E92EC	583627F5B1F3FA11FCECE0EC58FAF61B822871B340A27F3B5E7B6D370CECDD4C
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\.editorconfig	ASCII text	F3582D089830A98D35D473A7CC5B963E	1BF8B8644DFC3C70A1ED81E3293397BFFA05C5A2	16A8333081AB14FF05C1E90D0405EC84DE17C9F8DDB01DC18434F2EB1AFE7109
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\.gitattributes	ASCII text	8D4EB80358774BCA0AAA491FBE49B93F	D0C4F0BB46DC37531BBF44C42382752521CD84FD	F57B53E11BA10E4542B5C014F58D7CDC0EC1198409F38F310835714AEFD3DEFA
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\.github\CONTRIBUTING.md	ASCII text	8BE9295BC256461C026888053E5D7B02	5F98C68DA9F9F085CCBFAC3800A6618CF144C18D	36AA1EF457E1D8FB080926B0DEA4A4A331C5B9C03ACA1ED509AA5F59C7D9BB85
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\.github\FUNDING.yml	ASCII text	7056F2DCB0BD0B0B934B3E3A3332459A	A8616B7D5D08F75E0B072E626C56F0E6E9016F18	518391898E1EA30E6B972141D722DA116E0B2EA834F86DCA071F94D6F24EE4C8
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\.github\ISSUE_TEMPLATE.md	ASCII text	663F6DAF8EFF00B135E72E9FEF927D48	A67B9C651DB4140A9380ACF04F9FF103241D0311	BB39204E443771D6A19C2B3593263CB421CE89600EBEB831719B921C0E39153D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\.github\PULL_REQUEST_TEMPLATE.md	ASCII text	1BFE5958549F06EA0228E18200117F57	CAA05A1E1944F5505F7F8146513658E9DE71FE31	D1D4A854008F11F2338FD9A9DB5FF2BA9199DC41CB640952E564D0D1BA90577D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\.github\SECURITY.md	ASCII text	CD0A6F293A44B76990025B9E756E2E08	CC37663B60DDD891395C1CDCA124F0E82E35811F	9C652BEC86887E4F2F8ACBB769055FB1423BC7821CE02E6AED76D7AE7E414381
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\.github\workflows\test.yml	ASCII text	4B542210FF50317FAF3289FC1CCF4770	DBB049733F792CFCF1942537A064D38C0F2089AF	9F537C78CD2E968A28A56AEC7F361D0B5151E875D1AEC4F55081BAB3FDCC8897
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\LICENSE.md	Unicode text, UTF-8 text, with very long lines (460)	CDC8D054D1ED2FFDC90CAF857C2AAE4A	45B1AB6D36826167A6AD27B907A6C750311E6CEE	E1434846E5D4E30C300E84247D65704CCEE62D96E50AE44357905A25998C8DDD
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\README.md	ASCII text, with very long lines (303)	13571FF140B7102D7531ED409FE9A3CC	939EC22DBAA3C50B4684713D7CC891B73E907523	60B785F7F44D7619D5DA40F48B16C13DEC795D609ADEDC478BA67AD5E0443848
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\index.js	ASCII text	AC1B6415C13441BFA70449E4F4170AD0	F9FDB6C521C663B169C486A139D391FA1CBD76E7	344901C5CA17A9EA128ECA14C83FC560E7E52138C0C67FE0C2461C710A6208F8
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\index.test.js	ASCII text	AA292809F88749CB0A4B50AC3A30D3C0	932B970B6395B24E224C321661596CD8913F42CB	309B7060093BE0BE9A565BAA52F98410A5A1C33133F5247C10BC6882E478BC26
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\package.json	JSON data	E5F55D7EE3B61F57AA9252E4976BE853	FC74F9673C0055FBA6124AED40D5FFCBF90021D4	5C4CD255BCA83CE2FAFE6D3752DB2CF8B4F71D1C796A15F1E196D9F24425882F
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\LICENSE.md	ASCII text, with very long lines (460)	0492EF29A9D558A3E9660E7ACCC9CA6A	0AEF1FF2A58152DC83BAAA6D5E97E54525C4FF21	4FCF69BBECB999EC8FA0ECE62BC8934B7CDD45061AC1A8B1939A09BE64CD4352
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\README.md	Unicode text, UTF-8 text	F2D7EA7E4D01EF5EF7E1BDE8232D96F8	9F653C3EAED33DF031F1BA2FB81B4365DC0B4BC7	13BE3E52775410F5D4AEC19A41F9F97382A82200A71AA911361B877109F26E6B
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\common.gypi	ASCII text	98F8C21891914449F85FDBEBDE5EE6F2	40F91D126351B0FC9FD4F03B33CCA72D952DEFC3	F15742E3019096B85EF3E8985E2FE66C4DDA722908577E113A1B0264893ECCA8
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\except.gypi	ASCII text	1FE1FF8CA630AC3F8A8B9C4AC7E08AAD	5D5716C9CAC44EEB2D911CCE7DC68F32BF49D47C	DDBC09F5B66FE24DD898FBE659085A6FF72E9575025004FC3762271DBA781E8B
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\index.js	ASCII text	B6CC90D5B932A30E0F0CCC50AD604B14	8ADC616FC0A9AEBDFCE536AA9BF7E552FAFDC403	6528E924B31E091C3243132FE713EA0F1FA6362FFAA3C2DD09D12670DB6B60DC
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\napi-inl.deprecated.h	C++ source, ASCII text	9449D419B251F86FBFE7A48795347026	3B05F270E067B03608BA2479CAE3B0F04307EFF9	96AFB169FD8AF899DDCADC102EA137E3CD253C13B8862CB11BD58601FE2A5F90
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\napi-inl.h	C++ source, ASCII text	85DF6CB613DB042D15EC04E84492C23F	487EA0F23D70E7692F5B78CD6AE8C77934AE39DA	141FEE09A5439DE973314B4DDB783A09E74A097F7DDFC5E3B994764A182E3795
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\napi.h	C++ source, ASCII text	F6D9F20C11573476B1937B6FC4D2EFEF	E1F46759C59C5035EB44B5A30BEAEE3B8EECB6BC	38ECE42F702D0226ECD63C8B9F0A13E71368D55944994BD2954DC142EFDDE669
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\node_api.gyp	ASCII text	FCEC1557AC47891385AE1F67E6DA343A	E361D3A3BE19E802820F2FE59BFDF7C9EF72FC74	3CD2C44FB0974F016376B676D46BBEBBCA7C89D4383B09ECE30E4CB4122A1499
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\noexcept.gypi	ASCII text	D75852A9F1E16B44A8E8D568CD2CEF04	4BF93F1EF3E5875CC40632CF229DEA170C8F03B3	494060B87197C489497A038504147C435B1D09306152048ADD42BA0D7D16E747
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\package-support.json	JSON data	33E3FB94807BCD5102535F476C6A46A8	DEDC07E9973F104E29D2EEE9AD3468B0F40DD620	B1CB7DA23CCA1681C7392A3C889EB0CC4916C53D2D7692D4B654AE751F3442F3
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\package.json	JSON data	FCCB36F2A58EB5796A183FD1D43FF085	C4ED1BA2A92D18FBE76BB4BCB79C9C2C928FD770	B47CCB2B24BF38CB49C7624BADD448B2364EB8DE7C92CE168F6BC89EBABCB2FB
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\tools\README.md	ASCII text, with very long lines (339)	34143C24D232AC62205EC0B7601CB109	3DECBDEED6F0C742925A5BE9B78F5251A4C0B569	65E9EA918538F453166B10A1D609CF44CEC3D2D01F23FECB5265FB3A4BF303D5
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\tools\check-napi.js	ASCII text	E0319363C4E8D95A44A00BF037061414	2E3895647CCDB1D20EEA6C325D32F7E12F4D7F2C	F3264FD3F9DD9BC3E051CDCF72125D34617B2B06B914C49F1E1297E53CFD524B
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\tools\clang-format.js	a /usr/bin/env node script, ASCII text executable	52C3D9F6C0A2B69FA4699A93416C2692	5E18D8F7591F7DD97DE38B4129E644235777835B	F332F9209E5329776E63B4B48A53EFBE95403E47ECEA8C32DBCF937F3938D90A
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\tools\conversion.js	a /usr/bin/env node script, ASCII text executable, with very long lines (454)	3F6FE59495A8968E296547DBADE7C73B	1C603B7606A5F36515CEC6781DB65BAB8BB0864F	DF2F681BDB4A1DAC5FAF7FA70A60DACE4DD12CE0B9964EFFCEE56A43F693FC6C
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\node-addon-api\tools\eslint-format.js	a /usr/bin/env node script, ASCII text executable	B4B9D969399A6A020D0B4FE91F201EBB	643D1FD1ACE1964A367B001D939CEA45B8620152	CB0D2625BBEE44502B5C170386D00C7BC07D0E0AE4E995524D2D00B025A369E2
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\pvutils\LICENSE	ASCII text	DAB25705DDF630B3F1AFF51263E1DCA2	2852B0A2CF8C22901D915FC7D99C0ED54888913D	15C88630F1E778DB64A446CB31B67362CC9EB7A048FDF5AC7AB51905B74464CD
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\pvutils\README.md	ASCII text	7FC4CF394B55F25E7E8E9A8A4E4990F1	A2CF3892CE9500BF7E6CB7EB0C35BD803742228F	77BF8BAAE73980E1D7518D15D1E12C40B5DBF5CE2B9A81A3EAEF2436C9E5AD87
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\pvutils\build\index.d.ts	ASCII text, with very long lines (309)	51BAD99664EB583928769A643A9AAC30	C0CF783BE69EEEC96115F07C5C154A74FDFBA548	43DD64D1B82E16E897E949B43576823D6FC1BB5E55E4950267A873692850FF32
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\pvutils\build\utils.es.js	Algol 68 source, ASCII text, with CRLF, LF line terminators	9197EEC841670CCE4C026C40F0B95DE7	94F7618AFDCA5589D52F7B5E35C26E1C2BCFB7E2	0578F1E3467599ACC43B3E53006669B51ACD9EF019524286B5443328E80F6B71
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\pvutils\build\utils.js	Algol 68 source, ASCII text, with CRLF, LF line terminators	63DEB1E70FF8AE5420D54491B204076F	C2AB67D87AC8539C6B01751BA7F757488B5EE06C	DF04E5483B66AF19B163561164DE1E66B71A68A09E94D60880B92AE01B7B07FD
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\pvutils\package.json	JSON data	34EE8B6A4C9B46F875F760CF99329403	0996D9F22C0FB88182D16E905E41DF8609B9A2C8	0B1B999200A4A9B5C9EF97F4B723B7667CF66225B1E26053EB802BFCC146444D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\package.json	JSON data	CEA969B6DE0A42972B3108F97FD4D415	0038812B8DA67905CC6206C0E213AA7952A8E7EF	439113FEA4346C21D2FA27AC99ED7CE11EB415B896828B7CE2B4951F2D515EBA
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\snapshot_blob.bin	data	0AB2D987874F532E44E8DB5F6444206B	9F6E013824CEC49B77C00288A22CE63447E35C2C	73E22C4FE4D2C334BE02164BB951E1E586270F5A32BFF25B9666E21031D23537
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	6FCBE10724D6C767002A845C0BBE1139	18B57D7646DEB32B5681934E2921E98F55818246	28A913DB4008030DE78F2E5C04A27BC81DBA0C4147248B95078AD1ACA2D1AC9D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libEGL.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	3532ADDCE0DBC08008C39132853F83E3	7033315E91B1EEACACC0681422DDEB90DCF9AC56	3183002724DF237FB889482E96DFBB845913B22B18C7E4E32EE935D8FB8BB344
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\swiftshader\libGLESv2.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	995480CA0EEEC22B997A28F725C709C1	10D1BC61D6FCF221312C416A12F5A04B60B507D5	E3CCB2E60383A5176A8587829A1F5AD4EB9000B488B1F245CA12A173F0812001
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\v8_context_snapshot.bin	data	32A536FF6BE9F9284EFAFEEBA528DDE6	581B0ABDCA676724B6485B601E27D75702A3CFC1	F24C74397B0947E6B67FFE7D81079D8871E45CF71180189352C54D9B7F86A6BE
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vk_swiftshader.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	4C828A0107ECEAC869BB8CE8E068C249	906A9A8735F4FE538381A023156AACB99F42C074	45C2379CA2667A60D36603D932962C9B64422AE75C96F6DBAA17F12A5E68BC2D
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vk_swiftshader_icd.json	JSON data	8642DD3A87E2DE6E991FAE08458E302B	9C06735C31CEC00600FD763A92F8112D085BD12A	32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\vulkan-1.dll	PE32+ executable (DLL) (console) x86-64, for MS Windows	90DB641489FCA109405AFFA1B147C21C	88EF185F2EAB9E2DF54E77C3DB9A5B15463DFE90	FFAA8788C96F075D335049BBE1F1B8774B5981ED4918E787171BC9C9CB8A2000
C:\Users\user\AppData\Local\CriptoCNS\criptocns.exe	PE32 executable (GUI) Intel 80386, for MS Windows	C0E72BE9CD51E3A3C5945AA0D2EFC129	3E81908EB52DFCE3EA34598A8C54DFFC9B8B2152	7620C5B8FC26AB0B0675F439968CD0B4746B0627E78A62498223A7D7EE873E14
C:\Users\user\AppData\Local\CriptoCNS\packages\CriptoCNS-1.1.1-full.nupkg	Zip archive data, at least v2.0 to extract, compression method=deflate	E5F96C462BB76545C3142BD0BBABA4C0	02DAD2CB0009AE577A4C0D9CFF84E3BC4E338B0A	07463B4992E69FCF2293B749C5F954EEFA65132D853A76647C4DE6EFFE820475
C:\Users\user\AppData\Local\CriptoCNS\packages\RELEASES	Unicode text, UTF-8 (with BOM) text, with no line terminators	88FF6E461A79A3A6FB86E19670A9B103	86D953A4F88A8DBA66DF8E0F67C12DFB70CB47AA	383BCBD3DB1DD3894DF579579DD44D20EADB166B44135E20876734FB3A886914
C:\Users\user\AppData\Local\CriptoCNS\packages\SquirrelTemp\tempa	Unicode text, UTF-8 (with BOM) text, with no line terminators	88FF6E461A79A3A6FB86E19670A9B103	86D953A4F88A8DBA66DF8E0F67C12DFB70CB47AA	383BCBD3DB1DD3894DF579579DD44D20EADB166B44135E20876734FB3A886914
C:\Users\user\AppData\Local\SquirrelTemp\CriptoCNS-1.1.1-full.nupkg	Zip archive data, at least v2.0 to extract, compression method=deflate	E5F96C462BB76545C3142BD0BBABA4C0	02DAD2CB0009AE577A4C0D9CFF84E3BC4E338B0A	07463B4992E69FCF2293B749C5F954EEFA65132D853A76647C4DE6EFFE820475
C:\Users\user\AppData\Local\SquirrelTemp\RELEASES	Unicode text, UTF-8 (with BOM) text, with no line terminators	88FF6E461A79A3A6FB86E19670A9B103	86D953A4F88A8DBA66DF8E0F67C12DFB70CB47AA	383BCBD3DB1DD3894DF579579DD44D20EADB166B44135E20876734FB3A886914
C:\Users\user\AppData\Local\SquirrelTemp\Squirrel-Install.log	Unicode text, UTF-8 (with BOM) text, with very long lines (509), with CRLF line terminators	89127B45E9DA263BC99DB9F4F5428BC3	6135BAD55779024672D902519741F520A992A087	80AEEC667D66EE5A031BBB12B772EF74504BD9FC77AB00FA6621B85D2CF913ED
C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows	A560BAD9E373EA5223792D60BEDE2B13	82A0DA9B52741D8994F28AD9ED6CBD3E6D3538FA	76359CD4B0349A83337B941332AD042C90351C2BB0A4628307740324C97984CC
C:\Users\user\AppData\Local\SquirrelTemp\background.gif	GIF image data, version 89a, 600 x 225	C8105D3AED6DF399FF4D012285F8A4F7	C1F70B727118E9FF44864DDC3BB9BA1D7E082D5A	4A25347E4BA104E7180277C09E40A3A8DFC8E8F29A936873DC5BDFF4FE8A2D5D
C:\Users\user\AppData\Local\SquirrelTemp\setupIcon.ico	MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel	485DDC69B5B9CE121543C032E0CE8FB1	47CC6076E1B5AE4A5A7022FA35772794CD12D876	DD31809BD70C649B8F7B43917BEA0EFA3683408D69314297D782DCD744C57D75
C:\Users\user\AppData\Local\Temp\.squirrel-lock-80FE40C371EE331E8AAC12FD0CE045EE05CB9C25	ISO-8859 text, with CR line terminators	A7E0F8AC46398A7876D1E40DD52C2AAB	B66922B4E6F09E23C072E4AFF49C67C3121DD5AF	05174BBF0D407087E45B12BAAE17117426852FF3A9E58D12A0EBB9A10B409743
C:\Users\user\AppData\Roaming\criptocns\32aa2630-bb3e-4df1-bab5-34a7af0d1e4e.tmp	JSON data	329622F40165883B656ABAB0D93674C4	DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87	2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
C:\Users\user\AppData\Roaming\criptocns\3a4253e9-0892-4ff7-9b9e-143f035bef57.tmp	JSON data	A0FD02F37166F36059CDCC0B2B51CB38	AE3852DF9657F58D22FBF92A67FE9B7C98C049A3	5E27367897AF9DBE36C690D29653245242BE1FF7029DC928ECCD3D822C28DEB0
C:\Users\user\AppData\Roaming\criptocns\Cache\Cache_Data\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Roaming\criptocns\Cache\Cache_Data\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Roaming\criptocns\Cache\Cache_Data\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Roaming\criptocns\Cache\Cache_Data\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Roaming\criptocns\Cache\Cache_Data\index	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0	843725A4AD46CAD310555952F3E2AF55	9E7AE33E785C07C524D52089FBED72A4CF716E80	B65A732DFE30C3B12BBE6392213E4D46AF251CBFEDB290ABA883B3C4D9BBA7C5
C:\Users\user\AppData\Roaming\criptocns\Code Cache\js\index	data	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Roaming\criptocns\Code Cache\js\index-dir\temp-index	data	AF9D3B73735A5CEE4A34E749E2C3E65F	EAC82998517E9C8DBD62B5C3F80C1281A1052FEA	50918F009DE33D31ED562C8BE6D4BBDDD370CEF1E9CAB8946FFCCA0AD70E2067
C:\Users\user\AppData\Roaming\criptocns\Code Cache\js\index-dir\the-real-index (copy)	data	AF9D3B73735A5CEE4A34E749E2C3E65F	EAC82998517E9C8DBD62B5C3F80C1281A1052FEA	50918F009DE33D31ED562C8BE6D4BBDDD370CEF1E9CAB8946FFCCA0AD70E2067
C:\Users\user\AppData\Roaming\criptocns\Code Cache\wasm\index	data	54CB446F628B2EA4A5BCE5769910512E	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
C:\Users\user\AppData\Roaming\criptocns\Code Cache\wasm\index-dir\temp-index	data	B16012756CEFE03405B2210E2AA82DDA	81FBD61F15F066E1994D5D500869E780356F58EE	BAE15A5F989F039DC8FAEAA03FFD8AEAF1299563E0C1BD2D50EBFEAB5B91B077
C:\Users\user\AppData\Roaming\criptocns\Code Cache\wasm\index-dir\the-real-index (copy)	data	B16012756CEFE03405B2210E2AA82DDA	81FBD61F15F066E1994D5D500869E780356F58EE	BAE15A5F989F039DC8FAEAA03FFD8AEAF1299563E0C1BD2D50EBFEAB5B91B077
C:\Users\user\AppData\Roaming\criptocns\GPUCache\data_0	FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0	CF89D16BB9107C631DAABF0C0EE58EFB	3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B	D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
C:\Users\user\AppData\Roaming\criptocns\GPUCache\data_1	data	D0D388F3865D0523E451D6BA0BE34CC4	8571C6A52AACC2747C048E3419E5657B74612995	902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
C:\Users\user\AppData\Roaming\criptocns\GPUCache\data_2	data	0962291D6D367570BEE5454721C17E11	59D10A893EF321A706A9255176761366115BEDCB	EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
C:\Users\user\AppData\Roaming\criptocns\GPUCache\data_3	data	41876349CB12D6DB992F1309F22DF3F0	5CF26B3420FC0302CD0A71E8D029739B8765BE27	E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
C:\Users\user\AppData\Roaming\criptocns\GPUCache\index	FoxPro FPT, blocks size 512, next free block index 3284796353, field type 0	1F10D7709C1E1D8F26E60F560BDF60B4	151FEDCCBED531D90B5B468EB9E375AC4EFA1459	5F2059D952C4C29E4EAA6B6A8AA427F22D1415F991727F4A3DD3058AA2D8CFCC
C:\Users\user\AppData\Roaming\criptocns\Local State (copy)	JSON data	A0FD02F37166F36059CDCC0B2B51CB38	AE3852DF9657F58D22FBF92A67FE9B7C98C049A3	5E27367897AF9DBE36C690D29653245242BE1FF7029DC928ECCD3D822C28DEB0
C:\Users\user\AppData\Roaming\criptocns\Local Storage\leveldb\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Roaming\criptocns\Local Storage\leveldb\CURRENT (copy)	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Roaming\criptocns\Local Storage\leveldb\MANIFEST-000001	OpenPGP Secret Key	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Roaming\criptocns\Preferences (copy)	JSON data	329622F40165883B656ABAB0D93674C4	DD0DDF3B58BA7BF841B7664F890C65DC7B20CE87	2A2BF0F32B2E88B7394AB518C2EF85880824317076DCE7E932BB8C9B8F218488
\Device\Null	ASCII text, with CRLF line terminators	0E78D489470C8718A01F72C02B01034E	894ADAF5A161704CDA4C276877A2E2F05BD6FA9A	63A1626B4D619D0A6614F871440E7F72C64347101E40E7EA87082676D5B0EC22

Windows Analysis Report
installcriptocns.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\background.gif VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\setupIcon.ico VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Users\user\AppData\Local\SquirrelTemp\background.gif VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\SquirrelTemp\Update.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\squirrel.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\Update.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\package.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1 VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\package.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\main.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\main.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\config.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\config.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\config.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\options.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\options.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\wanhamou.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\wanhamou.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\wanhamou.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\module.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\module.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\module.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\update.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\update.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\update.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock.js VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\components\lock-native.node VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\distribution.json VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\service.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\service.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\node.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\alert\node.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\node_modules\is-program-installed\index.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\options.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\options.js VolumeInformation
Source: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\criptocns.exe	Queries volume information: C:\Users\user\AppData\Local\CriptoCNS\app-1.1.1\resources\app\appservice\options.js VolumeInformation

Windows Analysis Report installcriptocns.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
installcriptocns.exe