Windows Analysis Report
NebulardGame (1).exe

Overview

General Information

Sample name: NebulardGame (1).exe
Analysis ID: 1561556
MD5: 535765b4776df6913634be23e077da00
SHA1: 52a11245136c85443527275cca6cd602f8d03330
SHA256: a9165466ad09f37a2c76b8e144025f0bd9fc739b3f0f16a837e31e278914585d
Tags: exeinstallerloaderstealeruser-Pekomposo19999
Infos:

Detection

Score: 32
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Drops large PE files
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops certificate files (DER)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Console CodePage Lookup Via CHCP
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Uses 32bit PE files
Source: NebulardGame (1).exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\NebulardGame (1).exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9564a7c5-e811-5054-8531-3e0680b94024 Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\LICENSE.electron.txt Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\LICENSE.electron.txt Jump to behavior
Source: NebulardGame (1).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: NebulardGame (1).exe, 00000000.00000003.2040203246.0000000002DF2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: NebulardGame (1).exe, 00000000.00000003.1943576098.0000000005235000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: NebulardGame (1).exe, 00000000.00000003.1945084847.0000000005231000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: NebulardGame (1).exe, 00000000.00000003.1943576098.0000000005235000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: NebulardGame (1).exe, 00000000.00000003.2010297290.000000000523F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: NebulardGame (1).exe, 00000000.00000003.1920495498.0000000002E90000.00000004.00001000.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1920911720.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1921194037.0000000005802000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004059CC
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_004065FD FindFirstFileW,FindClose, 0_2_004065FD
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData\Local\Programs\Nebulard Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData\Local\Programs\Nebulard\resources Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData\Local\Programs Jump to behavior
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View IP Address: 172.64.41.3 172.64.41.3
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: GET /ajax/libs/font-awesome/6.2.1/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Nebulard/3.5.4 Chrome/108.0.5359.215 Electron/22.3.27 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB
Source: global traffic HTTP traffic detected: OPTIONS /report/v4?s=5yhEtEGyaiqEf7rw3I15BYsRWhikKFbGHxaOtrkCn7Najdx%2FK%2BBJRjFzdZeHXuzLjk70fARt0cGZzsbs3QWF2TKP4zKhqPlERBW2fE0Zxo5qe4A3vz1U3hTcpAnOO0tnA18PBgzp HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveOrigin: https://cdnjs.cloudflare.comAccess-Control-Request-Method: POSTAccess-Control-Request-Headers: content-typeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Nebulard/3.5.4 Chrome/108.0.5359.215 Electron/22.3.27 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB
Source: global traffic HTTP traffic detected: POST /report/v4?s=5yhEtEGyaiqEf7rw3I15BYsRWhikKFbGHxaOtrkCn7Najdx%2FK%2BBJRjFzdZeHXuzLjk70fARt0cGZzsbs3QWF2TKP4zKhqPlERBW2fE0Zxo5qe4A3vz1U3hTcpAnOO0tnA18PBgzp HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 510Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Nebulard/3.5.4 Chrome/108.0.5359.215 Electron/22.3.27 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /ajax/libs/font-awesome/6.2.1/css/all.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Nebulard/3.5.4 Chrome/108.0.5359.215 Electron/22.3.27 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB
Source: Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: chttps://www.baidu.com/s?ie={inputEncoding}&wd={searchTerms}https://www.baidu.com/s?ie={inputEncoding}&word={searchTerms}https://www.baidu.com/{google:pathWildcard}/s?ie={inputEncoding}&word={searchTerms}{google:baseURL}#q={searchTerms}{google:baseURL}search#q={searchTerms}{google:baseURL}webhp#q={searchTerms}{google:baseURL}s#q={searchTerms}{google:baseURL}s?q={searchTerms}https://go.mail.ru/msearch?q={searchTerms}&{mailru:referralID}https://m.so.com/s?ie={inputEncoding}&q={searchTerms}https://m.so.com/index.php?ie={inputEncoding}&q={searchTerms}https://m.sogou.com/web/{google:pathWildcard}?ie={inputEncoding}&keyword={searchTerms}http://searchatlas.centrum.cz/?q={searchTerms}http://hladaj.atlas.sk/fulltext/?phrase={searchTerms}http://isearch.avg.com/search?q={searchTerms}http://search.avg.com/route/?q={searchTerms}&lng={language}https://isearch.avg.com/search?q={searchTerms}https://search.avg.com/route/?q={searchTerms}&lng={language}http://search.babylon.com/?q={searchTerms}http://search.conduit.com/Results.aspx?q={searchTerms}http://www.delfi.lt/paieska/?q={searchTerms}http://www.delta-search.com/?q={searchTerms}http://www1.delta-search.com/home?q={searchTerms}http://www1.delta-search.com/?q={searchTerms}http://www2.delta-search.com/home?q={searchTerms}http://www2.delta-search.com/?q={searchTerms}http://www.search.delta-search.com/home?q={searchTerms}http://www.search.delta-search.com/?q={searchTerms}http://www.yhs.delta-search.com/home?q={searchTerms}http://www.yhs.delta-search.com/?q={searchTerms}http://mixidj.delta-search.com/home?q={searchTerms}http://mixidj.delta-search.com/?q={searchTerms}http://search.goo.ne.jp/web.jsp?MT={searchTerms}&IE={inputEncoding}http://search.goo.ne.jp/sgt.jsp?MT={searchTerms}&CL=plugin&FM=json&IE={inputEncoding}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx#q={searchTerms}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx#q={searchTerms}http://start.iminent.com/?q={searchTerms}http://start.iminent.com/StartWeb/1033/homepage/#q={searchTerms}http://search.incredibar.com/?q={searchTerms}http://mystart.incredibar.com/?search={searchTerms}https://www.neti.ee/cgi-bin/otsing?query={searchTerms}&src=webhttps://www.neti.ee/api/suggestOS?suggestVersion=1&suggestQuery={searchTerms}https://nova.rambler.ru/search?query={searchTerms}https://nova.rambler.ru/suggest?v=3&query={searchTerms}http://www.search-results.com/web?q={searchTerms}http://search.snap.do/?q={searchTerms}http://feed.snapdo.com/?q={searchTerms}http://feed.snap.do/?q={searchTerms}http://en.softonic.com/s/{searchTerms}http://www.softonic.com/s/{searchTerms}http://www.softonic.com.br/s/{searchTerms}http://buscador.softonic.com/?q={searchTerms}http://nl.softonic.com/s/{searchTerms}https://search.softonic.com/?q={searchTerms}https://en.softonic.com/s/{searchTerms}https://www.softonic.com/s/{searchTerms}https://www.softonic.com.br/s/{searchTerms}https://buscador.softonic.com/?q={searchTerms}https://nl.softonic.com/s/{searchTer
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ak.apnstatic.com/media/images/favicon_search-results.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ak.apnstatic.com/media/images/favicon_search-results.icohttp://dts.search-results.com/sr?lng=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://arianna.libero.it/search/abin/integrata.cgi?query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://autocomplete.nigma.ru/complete/query_help.php?suggest=true&q=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.izs.me/)
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.izs.me/post/59142742143/designing-apis-for-asynchrony)
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://buscador.terra.es/Default.aspx?source=Search&ca=s&query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://buscador.terra.es/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://buscador.terra.es/favicon.icohttp://buscador.terra.es/Default.aspx?source=Search&ca=s&query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://buscar.terra.com.ar/Default.aspx?source=Search&ca=s&query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://buscar.terra.com.ar/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://buscar.terra.com.ar/favicon.icohttp://buscar.terra.com.ar/Default.aspx?source=Search&ca=s&que
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cgit.freedesktop.org/xorg/xserver/tree/COPYING
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/v8
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://connalle.blogspot.com/2013/10/topological-sortingkahn-algorithm.html
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://developer.android.com/tools/extras/support-library.html
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html#access-bucket-intro
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://dts.search-results.com/sr?lng=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.keys)
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-tolength).
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://eev.ee/blog/2015/09/12/dark-corners-of-unicode/).
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://fedorahosted.org/lohit>
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://find.in.gr/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.pnghttp://find.in.gr/?q=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedesktop.org
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://g1.delphi.lv/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://g1.delphi.lv/favicon.icohttp://www.delfi.lv/search_all/?ie=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://hladaj.atlas.sk/fulltext/?phrase=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://i.rl0.ru/2011/icons/rambler.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://i.rl0.ru/2011/icons/rambler.icohttp://nova.rambler.ru/search?query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://i.wp.pl/a/i/stg/500/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://i.wp.pl/a/i/stg/500/favicon.icohttp://szukaj.wp.pl/szukaj.html?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://imgs.sapo.pt/images/sapo.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://imgs.sapo.pt/images/sapo.icohttp://pesquisa.sapo.pt/?q=
Source: NebulardGame (1).exe, 00000000.00000003.2040203246.0000000002DF2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://int3.de/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://isearch.avg.com/search?q=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://labs.creativecommons.org/licenses/zero-waive/1.0/us/legalcode>
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.icohttp://search.snapdo.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://mixidj.delta-search.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://mixidj.delta-search.com/home?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.icohttp://arianna.libero.it/search/ab
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://mxr.mozilla.org/comm-central/source/mozilla/netwerk/base/src/nsURLParsers.cpp
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://nigma.ru/?s=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://nodejs.org)
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://nova.rambler.ru/search?query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://nova.rambler.ru/suggest?v=3&query=
Source: NebulardGame (1).exe, 00000000.00000002.2127130986.000000000040A000.00000004.00000001.01000000.00000003.sdmp, NebulardGame (1).exe, 00000000.00000000.1772281971.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ok.hu/gfx/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://ok.hu/katalogus?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://pesquisa.sapo.pt/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://pesquisa.sapo.pt/livesapo?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://radce.centrum.cz/?q=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://scripts.sil.org/OFL
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.avg.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.avg.com/favicon.icohttp://search.avg.com/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.avg.com/route/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.avg.com/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.babylon.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.babylon.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.babylon.com/favicon.icohttp://search.babylon.com/home?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.babylon.com/home?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.conduit.com/Results.aspx?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.goo.ne.jp/sgt.jsp?MT=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.goo.ne.jp/web.jsp?MT=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.imesh.net/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.imesh.net/favicon.icohttp://search.imesh.net/music?hl=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.imesh.net/music?hl=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.iminent.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.icohttp://search.iminent.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.incredibar.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.incredibar.com/favicon.icohttp://search.incredibar.com/search.php?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.incredibar.com/search.php?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.snapdo.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.softonic.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.softonic.com/img/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.softonic.com/img/favicon.icohttp://search.softonic.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.sweetim.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.sweetim.com/favicon.icohttp://search.sweetim.com/search.asp?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.sweetim.com/search.asp?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.tut.by/?ru=1&query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.tut.by/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.tut.by/favicon.icohttp://search.tut.by/?ru=1&query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://search.walla.co.il/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://searchatlas.centrum.cz/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://searchfunmoods.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://searchfunmoods.com/favicon.icohttp://searchfunmoods.com/results.php?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://searchfunmoods.com/results.php?q=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://source.android.com/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://source.android.com/compatibility)
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/xz/COPYING
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://start.sweetpacks.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://start.sweetpacks.com/favicon.icohttp://start.sweetpacks.com/search.asp?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://start.sweetpacks.com/search.asp?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://substack.net)
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://szukaj.wp.pl/szukaj.html?q=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://tukaani.org/xz/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://valgrind.org
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://webkit.org/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.chromium.org
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.conduit.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.conduit.com/favicon.icohttp://www.conduit.com/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.conduit.com/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.delfi.lt/paieska/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.delfi.lv/search_all/?ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.delta-search.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.delta-search.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.delta-search.com/favicon.icohttp://www.delta-search.com/home?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.delta-search.com/home?q=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ecma-international.org/ecma-262/5.1/#sec-8.6)
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types)
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/MPL/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.neti.ee/api/suggestOS?suggestQuery=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.neti.ee/cgi-bin/otsing?query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.neti.ee/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.nongnu.org/freebangfont/downloads.html#mukti
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.search.delta-search.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.search.delta-search.com/home?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.searchnu.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.searchnu.com/favicon.icohttp://www.searchnu.com/web?hl=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.searchnu.com/web?hl=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.strongtalk.org/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.suitable.com
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.suitable.com/tools/smslib.html
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.suitable.com/tools/smslib.html>
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.walla.co.il/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.webrtc.org
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.yhs.delta-search.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www.yhs.delta-search.com/home?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www1.delta-search.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www1.delta-search.com/home?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www2.delta-search.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: http://www2.delta-search.com/home?q=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://zlib.net/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ac.search.naver.com/nx/ac?of=os&ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://api.oceanhero.today/suggestions?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://api.qwant.com/api/suggest/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ar.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ar.search.yahoo.com/favicon.icohttps://ar.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ar.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://at.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://at.search.yahoo.com/favicon.icohttps://at.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://at.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://at.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://au.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://au.search.yahoo.com/favicon.icohttps://au.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://au.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://au.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://br.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://br.search.yahoo.com/favicon.icohttps://br.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://br.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://br.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ca.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ca.search.yahoo.com/favicon.icohttps://ca.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ca.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ca.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://camo.githubusercontent.com/6bbd36f4cf5b35a0f11a96dcd2e97711ffc2fb37/68747470733a2f2f662e636c
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://camo.githubusercontent.com/f4810e00e1c5f5f8addbe3e9f49064fd5d102699/68747470733a2f2f662e636c
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://caolan.github.io/async/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.2016699656.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=am&category=theme81https://myactivity.google.com/myactivity/?u
Source: NebulardGame (1).exe, 00000000.00000003.2019739475.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=el&category=theme81https://myactivity.google.com/myactivity/?u
Source: NebulardGame (1).exe, 00000000.00000003.2019739475.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
Source: NebulardGame (1).exe, 00000000.00000003.2034429297.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ru&category=theme81https://myactivity.google.com/myactivity/?u
Source: NebulardGame (1).exe, 00000000.00000003.2038080530.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chrome.google.com/webstore?hl=ur&category=theme81https://myactivity.google.com/myactivity/?u
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://cl.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://cl.search.yahoo.com/favicon.icohttps://cl.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://cl.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://cl.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://co.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://co.search.yahoo.com/favicon.icohttps://co.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://co.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://co.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://coccoc.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://coccoc.com/favicon.icohttps://coccoc.com/search#query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://coccoc.com/search#query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://de.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://de.search.yahoo.com/favicon.icohttps://de.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://de.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dejavu-fonts.github.io/Download.html
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/async_function
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://developers.google.com/android/guides/setup
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://dk.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://dk.search.yahoo.com/favicon.icohttps://dk.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://dk.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://dl.gmx.com/apps/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://dl.gmx.com/apps/favicon.icohttps://search.gmx.com/web/result?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://es.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://es.search.yahoo.com/favicon.icohttps://es.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://es.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://es.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://fi.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://fi.search.yahoo.com/favicon.icohttps://fi.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://fi.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://fr.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://fr.search.yahoo.com/favicon.icohttps://fr.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://fr.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://fr.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Cyan4973/xxHash
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Cross
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk/py
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/aawc/unrar.git
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/caolan/async.git
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/electron-userland/electron-builder
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/electron-userland/electron-builder.git
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/epoberezkin/json-schema-traverse#readme
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/epoberezkin/json-schema-traverse.git
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/distributed_point_functions
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/ruy
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/ukey2
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/woff2
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/xnnpack
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://github.com/gpuweb/gpuweb/issues/1565:
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/jprichardson/node-fs-extra
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/jprichardson/node-fs-extra/issues/269
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/libuv/libuv/pull/1088
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/8987
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/normalize/mz
Source: NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/npm/node-semver.git
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/sindresorhus/make-dir
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/sponsors/sindresorhus
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/substack/node-mkdirp.git
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/models
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/text.git
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/wasdk/wasmparser
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/web-animations/web-animations-js
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gitlab.freedesktop.org/wayland/weston
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gitlab.freedesktop.org/xdg/xdgmime
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://go.imgsmail.ru/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://go.imgsmail.ru/favicon.icohttps://go.mail.ru/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://go.mail.ru/chrome/newtab/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://go.mail.ru/msearch?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://go.mail.ru/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/wgsl/#texel-formats
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/wgsl/#texel-formatstexture_2d
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://hk.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://hk.search.yahoo.com/favicon.icohttps://hk.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://hk.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://hk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://hladaj.atlas.sk/fulltext/?phrase=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://id.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://id.search.yahoo.com/favicon.icohttps://id.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://id.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://id.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://in.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://in.search.yahoo.com/favicon.icohttps://in.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://in.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://in.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://isearch.avg.com/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://lss.sse-iacapps.com/query?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://m.so.com/index.php?ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://m.so.com/s?ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://m.sogou.com/web/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://malaysia.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://malaysia.search.yahoo.com/favicon.icohttps://malaysia.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://malaysia.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://malaysia.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mathiasbynens.be/notes/javascript-unicode).
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://metager.de/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://metager.de/favicon.icohttps://metager.de/meta/meta.ger3?eingabe=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://metager.de/meta/meta.ger3?eingabe=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://metager.org/meta/meta.ger3?eingabe=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://mx.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://mx.search.yahoo.com/favicon.icohttps://mx.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://mx.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://mx.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://nl.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://nl.search.yahoo.com/favicon.icohttps://nl.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://nl.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://nl.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://nz.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://nz.search.yahoo.com/favicon.icohttps://nz.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://nz.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://nz.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://oceanhero.today/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://oceanhero.today/favicon.icohttps://oceanhero.today/web?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://oceanhero.today/web?q=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pagure.io/lohit
Source: NebulardGame (1).exe, 00000000.00000003.2038080530.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.2016699656.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://passwords.google.com
Source: NebulardGame (1).exe, 00000000.00000003.2019739475.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://passwords.google.comGoogle
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://pe.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://pe.search.yahoo.com/favicon.icohttps://pe.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://pe.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://pe.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://petalsearch.com/search?query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ph.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ph.search.yahoo.com/favicon.icohttps://ph.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ph.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ph.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://qc.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://qc.search.yahoo.com/favicon.icohttps://qc.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://qc.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://qc.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://registry.npmjs.org/
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s3.amazonaws.com/$
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://se.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://se.search.yahoo.com/favicon.icohttps://se.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://se.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search-static-dre.dbankcdn.com/pc/v1/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search-static-dre.dbankcdn.com/pc/v1/favicon.icohttps://petalsearch.com/search?query=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.avg.com/route/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.daum.net/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.daum.net/favicon.icohttps://search.daum.net/search?w=tot&DA=JU5&q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.daum.net/search?w=tot&DA=JU5&q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.gmx.co.uk/web/result?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.gmx.com/web/result?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.gmx.es/web/result?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.gmx.fr/web/result?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.goo.ne.jp/cdn/common/img/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.goo.ne.jp/cdn/common/img/favicon.icohttps://search.goo.ne.jp/web.jsp?MT=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.goo.ne.jp/sgt.jsp?MT=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.goo.ne.jp/web.jsp?MT=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.naver.com/search.naver?ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.privacywall.org/suggest.php?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.seznam.cz/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.seznam.cz/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.seznam.cz/favicon.icohttps://search.seznam.cz/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.seznam.sk/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.seznam.sk/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.seznam.sk/favicon.icohttps://search.seznam.sk/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.co.jp/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.co.jp/favicon.icohttps://search.yahoo.co.jp/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.co.jp/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp:
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://searchatlas.centrum.cz/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://searchatlas.centrum.cz/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://searchatlas.centrum.cz/favicon.icohttps://searchatlas.centrum.cz/?q=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://semver.org/
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://server.net/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sg.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sg.search.yahoo.com/favicon.icohttps://sg.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sg.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sg.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sindresorhus.com
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sindresorhus.com)
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sp.ask.com/sh/i/a16/favicon/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sp.ask.com/sh/i/a16/favicon/favicon.icohttps://www.ask.com/web?q=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sqlite.org/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.icohttps://search.naver.com/search.nav
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suche.gmx.at/web/result?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suche.gmx.net/web/result?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sug.so.360.cn/suggest?encodein=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://sugg.sogou.com/sugg/ajaj_json.jsp?type=addrbar&key=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggest.search.daum.net/sushi/opensearch/pc?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggest.seznam.cz/fulltext_ff?phrase=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggest.seznam.sk/fulltext_ff?phrase=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggest.yandex.by/suggest-ff.cgi?part=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggest.yandex.com.tr/suggest-ff.cgi?part=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggest.yandex.com/suggest-ff.cgi?part=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggest.yandex.kz/suggest-ff.cgi?part=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggest.yandex.ua/suggest-ff.cgi?part=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggestion.baidu.com/su?wd=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggestplugin.gmx.at/s?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggestplugin.gmx.co.uk/s?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggestplugin.gmx.com/s?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggestplugin.gmx.es/s?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggestplugin.gmx.fr/s?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggestplugin.gmx.net/s?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://suggests.go.mail.ru/chrome?q=
Source: NebulardGame (1).exe, 00000000.00000003.2032932497.0000000002DE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://th.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://th.search.yahoo.com/favicon.icohttps://th.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://th.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://th.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://tr.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://tr.search.yahoo.com/favicon.icohttps://tr.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://tr.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://tw.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://tw.search.yahoo.com/favicon.icohttps://tw.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://tw.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://tw.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://uk.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://uk.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ve.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ve.search.yahoo.com/favicon.icohttps://ve.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ve.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://ve.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://vn.search.yahoo.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://vn.search.yahoo.com/favicon.icohttps://vn.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://vn.search.yahoo.com/search
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://vn.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: NebulardGame (1).exe, 00000000.00000003.2039896616.0000000005233000.00000004.00000020.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1838898780.000000000503C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.ask.com/web?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.baidu.com/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.baidu.com/#ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.baidu.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.baidu.com/favicon.icohttps://www.baidu.com/#ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.baidu.com/s?ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.delfi.lt/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.delfi.lt/favicon.icohttps://www.delfi.lt/paieska/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.delfi.lt/paieska/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.givero.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.givero.com/favicon.icohttps://www.givero.com/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.givero.com/search?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.givero.com/suggest?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.info.com/serp?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.info.com/static/www.info.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.info.com/static/www.info.com/favicon.icohttps://www.info.com/serp?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.privacywall.org/images/favicon_32x32.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.privacywall.org/images/favicon_32x32.icohttps://www.privacywall.org/search/secure/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.privacywall.org/search/secure/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.qwant.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.qwant.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.qwant.com/favicon.icohttps://www.qwant.com/?q=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.so.com/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.so.com/favicon.icohttps://www.so.com/s?ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.so.com/s?ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.sogou.com/images/logo/old/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.sogou.com/images/logo/old/favicon.icohttps://www.sogou.com/web?ie=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.sogou.com/web?ie=
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.swift.org/download/
Source: NebulardGame (1).exe, 00000000.00000003.1956031489.000000000523E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.unicode.org/copyright.html.
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.yandex.by/chrome/newtab
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.yandex.com.tr/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.yandex.com.tr/chrome/newtab
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.yandex.kz/chrome/newtab
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.yandex.ua/chrome/newtab
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.zoznam.sk/favicon.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.zoznam.sk/favicon.icohttps://www.zoznam.sk/hladaj.fcgi?s=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://www.zoznam.sk/hladaj.fcgi?s=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.by/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.by/images/search/?rpt=imageview
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.by/images/search/?rpt=imageviewhttps://www.yandex.by/chrome/newtabhttps://storage.ape
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.com.tr/gorsel/search?rpt=imageview
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.com.tr/gorsel/search?rpt=imageviewhttps://www.yandex.com.tr/chrome/newtab
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.com/images/search?rpt=imageview
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.com/search/?text=
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.kz/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.kz/images/search/?rpt=imageview
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.kz/images/search/?rpt=imageviewhttps://www.yandex.kz/chrome/newtab
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.ua/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.ua/images/search/?rpt=imageview
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yandex.ua/images/search/?rpt=imageviewhttps://www.yandex.ua/chrome/newtab
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.icohttps://yandex.by/
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp String found in binary or memory: https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.icohttps://yandex.com/search/?text=
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405461
Installs a raw input device (often for capturing keystrokes)
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F84A000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_e400fd4e-1
Drops certificate files (DER)
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D Jump to dropped file

System Summary
barindex
Drops large PE files
Source: C:\Users\user\Desktop\NebulardGame (1).exe File dump: Nebulard.exe.0.dr 157975552 Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File dump: Nebulard.exe0.0.dr 157975552 Jump to dropped file
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Detected potential crypto function
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_00406B15 0_2_00406B15
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_004072EC 0_2_004072EC
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_00404C9E 0_2_00404C9E
Enables security privileges
Source: C:\Users\user\Desktop\NebulardGame (1).exe Process token adjusted: Security Jump to behavior
PE / OLE file has an invalid certificate
Source: NebulardGame (1).exe Static PE information: invalid certificate
PE file contains more sections than normal
Source: vulkan-1.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: libEGL.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: Nebulard.exe0.0.dr Static PE information: Number of sections : 15 > 10
Source: libGLESv2.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: Nebulard.exe.0.dr Static PE information: Number of sections : 15 > 10
Source: vk_swiftshader.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: vk_swiftshader.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: libGLESv2.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: vulkan-1.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: libEGL.dll0.0.dr Static PE information: Number of sections : 12 > 10
Source: ffmpeg.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: ffmpeg.dll.0.dr Static PE information: Number of sections : 11 > 10
Sample file is different than original file name gathered from version info
Source: NebulardGame (1).exe, 00000000.00000003.2040203246.0000000002DF2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameElevate.exeH vs NebulardGame (1).exe
Source: NebulardGame (1).exe, 00000000.00000003.1959901859.00000000052F4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename2 vs NebulardGame (1).exe
Source: NebulardGame (1).exe, 00000000.00000003.2010297290.000000000523F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs NebulardGame (1).exe
Source: NebulardGame (1).exe, 00000000.00000003.1943576098.0000000005235000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs NebulardGame (1).exe
Source: NebulardGame (1).exe, 00000000.00000003.1953535242.0000000005236000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs NebulardGame (1).exe
Uses 32bit PE files
Source: NebulardGame (1).exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: sus32.winEXE@22/145@4/3
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_00404722
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_00402104 CoCreateInstance, 0_2_00402104
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7440:120:WilError_03
Source: C:\Users\user\Desktop\NebulardGame (1).exe Mutant created: \Sessions\1\BaseNamedObjects\9564a7c5-e811-5054-8531-3e0680b94024
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsmF0DE.tmp Jump to behavior
Source: NebulardGame (1).exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NEBULARD.EXE'
Source: C:\Users\user\Desktop\NebulardGame (1).exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\NebulardGame (1).exe File read: C:\Users\user\Desktop\NebulardGame (1).exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\NebulardGame (1).exe "C:\Users\user\Desktop\NebulardGame (1).exe"
Source: C:\Users\user\Desktop\NebulardGame (1).exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Nebulard.exe" | %SYSTEMROOT%\System32\find.exe "Nebulard.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq Nebulard.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "Nebulard.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe"
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --mojo-platform-channel-handle=1932 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --app-path="C:\Users\user\AppData\Local\Programs\Nebulard\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732378958099987 --launch-time-ticks=6262912249 --mojo-platform-channel-handle=2072 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\SysWOW64\find.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\find.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3464 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\Desktop\NebulardGame (1).exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Nebulard.exe" | %SYSTEMROOT%\System32\find.exe "Nebulard.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq Nebulard.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "Nebulard.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --mojo-platform-channel-handle=1932 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --app-path="C:\Users\user\AppData\Local\Programs\Nebulard\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732378958099987 --launch-time-ticks=6262912249 --mojo-platform-channel-handle=2072 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3464 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\find.exe Section loaded: ulib.dll Jump to behavior
Source: C:\Windows\SysWOW64\find.exe Section loaded: fsutilext.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ffmpeg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: kbdus.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msspellcheckingfacility.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptnet.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ffmpeg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uiautomationcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msimg32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mf.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msmpeg2vdec.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mfperfhelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dxva2.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msvproc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: netprofm.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: npmproxy.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\chcp.com Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com Section loaded: fsutilext.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: kbdus.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dxcore.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: d3d12.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: d3d12core.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: dxilconv.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: d3dscache.dll
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Section loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\NebulardGame (1).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq Nebulard.exe"
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\NebulardGame (1).exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9564a7c5-e811-5054-8531-3e0680b94024 Jump to behavior
Source: NebulardGame (1).exe Static file information: File size 72967456 > 1048576
Source: NebulardGame (1).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: NebulardGame (1).exe, 00000000.00000003.2040203246.0000000002DF2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: NebulardGame (1).exe, 00000000.00000003.1943576098.0000000005235000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: NebulardGame (1).exe, 00000000.00000003.1945084847.0000000005231000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: NebulardGame (1).exe, 00000000.00000003.1943576098.0000000005235000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: NebulardGame (1).exe, 00000000.00000003.2010297290.000000000523F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: NebulardGame (1).exe, 00000000.00000003.1920495498.0000000002E90000.00000004.00001000.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1920911720.0000000004CF0000.00000004.00001000.00020000.00000000.sdmp, NebulardGame (1).exe, 00000000.00000003.1921194037.0000000005802000.00000004.00000020.00020000.00000000.sdmp
PE file contains sections with non-standard names
Source: libGLESv2.dll.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr Static PE information: section name: .voltbl
Source: libGLESv2.dll.0.dr Static PE information: section name: _RDATA
Source: Nebulard.exe.0.dr Static PE information: section name: .00cfg
Source: Nebulard.exe.0.dr Static PE information: section name: .gxfg
Source: Nebulard.exe.0.dr Static PE information: section name: .retplne
Source: Nebulard.exe.0.dr Static PE information: section name: .rodata
Source: Nebulard.exe.0.dr Static PE information: section name: .voltbl
Source: Nebulard.exe.0.dr Static PE information: section name: CPADinfo
Source: Nebulard.exe.0.dr Static PE information: section name: _RDATA
Source: Nebulard.exe.0.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .voltbl
Source: vk_swiftshader.dll.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr Static PE information: section name: .voltbl
Source: ffmpeg.dll.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr Static PE information: section name: .retplne
Source: libEGL.dll.0.dr Static PE information: section name: .voltbl
Source: libEGL.dll.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr Static PE information: section name: .voltbl
Source: libGLESv2.dll0.0.dr Static PE information: section name: _RDATA
Source: Nebulard.exe0.0.dr Static PE information: section name: .00cfg
Source: Nebulard.exe0.0.dr Static PE information: section name: .gxfg
Source: Nebulard.exe0.0.dr Static PE information: section name: .retplne
Source: Nebulard.exe0.0.dr Static PE information: section name: .rodata
Source: Nebulard.exe0.0.dr Static PE information: section name: .voltbl
Source: Nebulard.exe0.0.dr Static PE information: section name: CPADinfo
Source: Nebulard.exe0.0.dr Static PE information: section name: _RDATA
Source: Nebulard.exe0.0.dr Static PE information: section name: malloc_h
Source: vulkan-1.dll.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr Static PE information: section name: .voltbl
Source: vulkan-1.dll.0.dr Static PE information: section name: _RDATA
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .voltbl
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll0.0.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll0.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll0.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll0.0.dr Static PE information: section name: .voltbl
Source: vulkan-1.dll0.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll0.0.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr Static PE information: section name: .voltbl
Source: ffmpeg.dll0.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr Static PE information: section name: .00cfg
Source: libEGL.dll0.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr Static PE information: section name: .voltbl
Source: libEGL.dll0.0.dr Static PE information: section name: _RDATA
Drops PE files
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\nsis7z.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\StdUtils.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\SpiderBanner.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\nsExec.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\Nebulard.exe Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\resources\elevate.exe Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\LICENSE.electron.txt Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe File created: C:\Users\user\AppData\Local\Programs\Nebulard\LICENSE.electron.txt Jump to behavior
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 873 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\nsis7z.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Nebulard\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\StdUtils.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\SpiderBanner.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Nebulard\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Nebulard\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Nebulard\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\resources\elevate.exe Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\nsExec.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiF1F9.tmp\7z-out\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\NebulardGame (1).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Nebulard\d3dcompiler_47.dll Jump to dropped file
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe TID: 8140 Thread sleep time: -30000s >= -30000s Jump to behavior
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\NebulardGame (1).exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\NebulardGame (1).exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user\AppData\Roaming\Nebulard\Code Cache\wasm FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user\AppData\Roaming\Nebulard\Code Cache\js FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user\AppData\Roaming\Nebulard\blob_storage\b5d63697-266e-459c-8ac2-555b7ffb4b6b FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user\AppData\Roaming\Nebulard\Cache\Cache_Data FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user\AppData\Local\Programs\Nebulard FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user\AppData\Local\Programs\Nebulard FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004059CC
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_004065FD FindFirstFileW,FindClose, 0_2_004065FD
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData\Local\Programs\Nebulard Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData\Local\Programs\Nebulard\resources Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe File opened: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: explorer.exe, 0000000C.00000000.2134042633.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 0000000C.00000000.2134042633.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
Source: Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F84A000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: explorer.exe, 0000000C.00000000.2125850677.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 0000000C.00000000.2131067912.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: VMware, Inc.
Source: explorer.exe, 0000000C.00000000.2135250081.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
Source: Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: VMware Inc.
Source: explorer.exe, 0000000C.00000000.2134042633.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: NebulardGame (1).exe, 00000000.00000003.1945084847.0000000005231000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: explorer.exe, 0000000C.00000000.2134042633.00000000097D4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: Gearway Electronics (Dong Guan) Co., Ltd.VMware Inc.Olimex Ltd.
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F898000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: Qemu Audio Device
Source: explorer.exe, 0000000C.00000000.2135250081.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 0000000C.00000000.2125850677.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: NebulardGame (1).exe, 00000000.00000003.1945084847.0000000005231000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F84A000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: VMware can crash with older drivers and WebGL content
Source: explorer.exe, 0000000C.00000000.2125850677.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\NebulardGame (1).exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\NebulardGame (1).exe Process information queried: ProcessInformation Jump to behavior
Enables debug privileges
Source: C:\Windows\SysWOW64\tasklist.exe Process token adjusted: Debug Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\NebulardGame (1).exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Nebulard.exe" | %SYSTEMROOT%\System32\find.exe "Nebulard.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq Nebulard.exe" Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "Nebulard.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --mojo-platform-channel-handle=1932 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --app-path="C:\Users\user\AppData\Local\Programs\Nebulard\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732378958099987 --launch-time-ticks=6262912249 --mojo-platform-channel-handle=2072 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\user\AppData\Roaming\Nebulard" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3464 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "chcp"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "c:\users\user\appdata\local\programs\nebulard\nebulard.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\nebulard" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1556 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "c:\users\user\appdata\local\programs\nebulard\nebulard.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\nebulard" --mojo-platform-channel-handle=1932 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "c:\users\user\appdata\local\programs\nebulard\nebulard.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\nebulard" --app-path="c:\users\user\appdata\local\programs\nebulard\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732378958099987 --launch-time-ticks=6262912249 --mojo-platform-channel-handle=2072 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "c:\users\user\appdata\local\programs\nebulard\nebulard.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\nebulard" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=3464 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "c:\users\user\appdata\local\programs\nebulard\nebulard.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\nebulard" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=1556 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "c:\users\user\appdata\local\programs\nebulard\nebulard.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\nebulard" --mojo-platform-channel-handle=1932 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "c:\users\user\appdata\local\programs\nebulard\nebulard.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\nebulard" --app-path="c:\users\user\appdata\local\programs\nebulard\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732378958099987 --launch-time-ticks=6262912249 --mojo-platform-channel-handle=2072 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:1 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Process created: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe "c:\users\user\appdata\local\programs\nebulard\nebulard.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="c:\users\user\appdata\roaming\nebulard" --gpu-preferences=uaaaaaaaaadoaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaacqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=3464 --field-trial-handle=1768,i,7681473182926348413,12939458288127095386,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2 Jump to behavior
Source: explorer.exe, 0000000C.00000000.2134042633.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: Nebulard.exe, 00000009.00000000.2110177160.00007FF78F3A2000.00000002.00000001.01000000.0000000D.sdmp, Nebulard.exe, 0000000B.00000000.2148787219.00007FF78F3A2000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: ..\..\electron\shell\browser\ui\views\electron_views_delegate_win.ccGetAppbarAutohideEdgesShell_TrayWnd
Source: explorer.exe, 0000000C.00000000.2125850677.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users\user VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users\user\AppData\Local\Programs VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Nebulard VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Nebulard\resources\app.asar VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users\user VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users\user\AppData VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users\user\AppData\Local\Programs VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Queries volume information: C:\Users\user\AppData\Local\Programs\Nebulard\resources\app.asar VolumeInformation
Source: C:\Users\user\Desktop\NebulardGame (1).exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Source: C:\Users\user\AppData\Local\Programs\Nebulard\Nebulard.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1561556 Sample: NebulardGame (1).exe Startdate: 23/11/2024 Architecture: WINDOWS Score: 32 45 x1.i.lencr.org 2->45 47 chrome.cloudflare-dns.com 2->47 49 2 other IPs or domains 2->49 57 Drops large PE files 2->57 9 NebulardGame (1).exe 12 193 2->9         started        12 Nebulard.exe 45 2->12         started        signatures3 process4 file5 37 C:\Users\user\AppData\Local\...\nsis7z.dll, PE32 9->37 dropped 39 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 9->39 dropped 41 C:\Users\user\AppData\Local\...\System.dll, PE32 9->41 dropped 43 17 other files (none is malicious) 9->43 dropped 14 cmd.exe 1 9->14         started        16 Nebulard.exe 12->16         started        18 Nebulard.exe 12->18         started        21 Nebulard.exe 1 12->21         started        23 2 other processes 12->23 process6 dnsIp7 25 conhost.exe 14->25         started        27 tasklist.exe 1 14->27         started        29 find.exe 1 14->29         started        31 cmd.exe 16->31         started        51 a.nel.cloudflare.com 35.190.80.1, 443, 49751, 49757 GOOGLEUS United States 18->51 53 cdnjs.cloudflare.com 104.17.24.14, 443, 49749 CLOUDFLARENETUS United States 18->53 55 chrome.cloudflare-dns.com 172.64.41.3, 443, 49752, 49753 CLOUDFLARENETUS United States 18->55 process8 process9 33 conhost.exe 31->33         started        35 chcp.com 31->35         started       
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.17.24.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
172.64.41.3
 chrome.cloudflare-dns.com United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
chrome.cloudflare-dns.com 172.64.41.3 true
a.nel.cloudflare.com 35.190.80.1 true
cdnjs.cloudflare.com 104.17.24.14 true
x1.i.lencr.org unknown unknown