Windows Analysis Report
313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Overview

General Information

Sample name:	313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe
Analysis ID:	1561625
MD5:	e798e063c5947433498952d70975bf3e
SHA1:	11505b6de23aba4a9a66b48339616080b8e89239
SHA256:	313e4225be01a2f968dd52e4e8c0b9fd08c906289779b2e65b445759f9274a3d
Tags:	DCRatexeuser-abuse_ch
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Contains capabilities to detect virtual machines

IP address seen in connection with other malware

May check the online IP address of the machine

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Virustotal: Detection: 6%

Perma Link

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205

May check the online IP address of the machine

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.css
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.jpg
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045342035.0000015D4E96C000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039362746.0000015D4E955000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2042088225.0000015D4E955000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043664906.0000015D4E964000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2044700985.0000015D4E96C000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2044295642.0000015D4E969000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043604325.0000015D4E955000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2042969121.0000015D4E955000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046608797.0000015D4CFBB000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043489184.0000015D4CFBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045199016.0000015D4E9E1000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047593950.0000015D4E9E8000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045899050.0000015D4E9E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046608797.0000015D4CFBB000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043489184.0000015D4CFBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crlr
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046684567.0000015D4CFD7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045939299.0000015D4CFD7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043373760.0000015D4CFCC000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl;m
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crlgm
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlX
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: http://narwhaljs.org)
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/:
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/a
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047747329.0000015D4EA15000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA0C000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA0D000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047747329.0000015D4EA15000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA0C000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA0D000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps6
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org?format=json
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10704
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020466491.0000015D4D001000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038678027.00000298B17C0000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crbug.com/v8/8520
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deushack.site/loader.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/antirez/linenoise
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038653753.00000387B7B00000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039185168.00000120B3A80000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020976056.0000015D4E9B5000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038372382.000000E65B8C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/1a96d83a223ff9f05f7d942fb84440d323f7b596/lib/internal/bootstrap/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/32020
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038653753.00000387B7B00000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039185168.00000120B3A80000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020976056.0000015D4E9B5000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038372382.000000E65B8C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33229
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020466491.0000015D4D001000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038678027.00000298B17C0000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038653753.00000387B7B00000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039185168.00000120B3A80000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020976056.0000015D4E9B5000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038372382.000000E65B8C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vercel/pkg/issues/1589
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://goo.gl/t5IS6M).
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://no-color.org/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046009912.0000015D4CF92000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046063042.0000015D4CFA9000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0-headers.tar.gz
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038488180.000001E29ADA4000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046009912.0000015D4CF92000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046063042.0000015D4CFA9000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gz
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzI
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzhttps://nodejs.org/download/release
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046037994.0000015D4CF9A000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046587086.0000015D4CFAD000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046009912.0000015D4CF92000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046063042.0000015D4CFA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzt
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038488180.000001E29ADA4000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046009912.0000015D4CF92000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046063042.0000015D4CFA9000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/win-x64/node.lib
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/win-x64/node.libQ
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039130911.0000031C5AE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/DeusWinbot
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020466491.0000015D4D001000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038678027.00000298B17C0000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2044440037.0000015D4E9F1000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045739605.0000015D4E9FA000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047691842.0000015D4EA03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020466491.0000015D4D001000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038678027.00000298B17C0000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Sample file is different than original file name gathered from version info

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2051306149.00007FF6C5637000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: OriginalFilenamenode.exe* vs 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Source: classification engine

Classification label: mal52.evad.winEXE@2/0@1/1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Virustotal: Detection: 6%

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: const { NativeModule } = require('internal/bootstrap/loaders');
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: const { Module } = require('internal/modules/cjs/loader');
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: const CJSModule = require('internal/modules/cjs/loader').Module;

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

File read: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe "C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe"
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: More than 8191 > 100 exports found

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static file information: File size 31536351 > 1048576

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1050600
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xc83a00

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

PE file contains sections with non-standard names

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \\?\C:\SBIEDLL.DLLPM!
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047709993.0000015D4EA09000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045675630.0000015D4EA05000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038997652.0000003959FC8000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038997652.0000003959FC8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\SBIEDLL.DLLI
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \SBIEDLL.DLL
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\SBIEDLL.DLL
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\SBIEDLL.DLLY
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL\!

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	File opened / queried: C:\VBoxService.exe			Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	File opened / queried: C:\vmtoolsd.exe			Jump to behavior

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: :\vmtoolsd.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038997652.0000003959FC8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: isVirtualMachine
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VBoxService.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\VBoxService.exeg
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\VBoxService.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038997652.0000003959FC8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VBoxService.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\vmtoolsd.exeI
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe\
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047709993.0000015D4EA09000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045675630.0000015D4EA05000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: isVirtualMachine
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \\?\C:\VBoxService.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046461726.0000015D4CF60000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe\I
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \\?\C:\VBoxService.exe!
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VBoxService.exe\
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\vmtoolsd.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\vmtoolsd.exey
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \\?\C:\vmtoolsd.exe

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Queries volume information: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe VolumeInformation

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.26.13.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
api.ipify.org	104.26.13.205	true

AV Detection

Multi AV Scanner detection for submitted file

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Virustotal: Detection: 6%

Perma Link

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205

May check the online IP address of the machine

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.css
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://.jpg
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045342035.0000015D4E96C000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039362746.0000015D4E955000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2042088225.0000015D4E955000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043664906.0000015D4E964000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2044700985.0000015D4E96C000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2044295642.0000015D4E969000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043604325.0000015D4E955000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2042969121.0000015D4E955000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046608797.0000015D4CFBB000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043489184.0000015D4CFBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045199016.0000015D4E9E1000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047593950.0000015D4E9E8000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045899050.0000015D4E9E7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046608797.0000015D4CFBB000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043489184.0000015D4CFBA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crlr
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046684567.0000015D4CFD7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045939299.0000015D4CFD7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043373760.0000015D4CFCC000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl;m
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crlgm
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlX
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://html4/loose.dtd
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: http://narwhaljs.org)
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/:
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: http://www.3waylabs.com/nw/WWW/products/wizcon/vt220.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/a
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047747329.0000015D4EA15000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA0C000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA0D000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045760774.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047767937.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047747329.0000015D4EA15000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA0C000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA0D000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps6
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: http://www.unicode.org/copyright.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org?format=json
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10201
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=10704
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020466491.0000015D4D001000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038678027.00000298B17C0000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=6593
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=745678
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#clear
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#console-namespace
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#count-map
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#countreset
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://console.spec.whatwg.org/#table
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crbug.com/v8/7848
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crbug.com/v8/8520
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://cs.chromium.org/chromium/src/v8/tools/SourceMap.js?rcl=dd10454c1d
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://deushack.site/loader.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/SpiderMonkey/Parser_API
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Equality_comparisons_and_sameness#Loose_equa
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textdecoder
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://encoding.spec.whatwg.org/#textencoder
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://esdiscuss.org/topic/isconstructor#content-11
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://gist.github.com/XVilka/8346728#gistcomment-2823421
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/blob/master/acorn/src/identifier.js#L23
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/acornjs/acorn/issues/575
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/antirez/linenoise
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chalk/ansi-regex/blob/HEAD/index.js
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/chalk/supports-color
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/da-x/rxvt-unicode/tree/v9.22-with-24bit-color
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/estree/estree/blob/a27003adf4fd7bfad44de9cef372a2eacd527b1c/es5.md#regexpliteral
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/repairES5.js
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/caja/blob/HEAD/src/com/google/caja/ses/startSES.js
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/google/closure-compiler/wiki/Source-Maps
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/isaacs/color-support.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/joyent/node/issues/3295.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/libuv/libuv/pull/1501.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mafintosh/end-of-stream
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mafintosh/pump
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/mysticatea/abort-controller
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node-v0.x-archive/issues/2876.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038653753.00000387B7B00000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039185168.00000120B3A80000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020976056.0000015D4E9B5000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038372382.000000E65B8C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/blob/1a96d83a223ff9f05f7d942fb84440d323f7b596/lib/internal/bootstrap/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/ec2822adaad76b126b5cccdeaa1addf2376c9aa6
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/commit/f7620fb96d339f704932f9bb9a0dceb9952df2d4
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/10673
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/13435
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/19009
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/2006
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/32020
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/3392
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35475
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/35981
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/issues/39707
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node/pull/12342
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/12607
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/13870#discussion_r124515293
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/21313
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/26334.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30380#issuecomment-552948364
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/30958
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038653753.00000387B7B00000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039185168.00000120B3A80000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020976056.0000015D4E9B5000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038372382.000000E65B8C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33229
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/33661
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/3394
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34010
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34103#issuecomment-652002364
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020466491.0000015D4D001000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038678027.00000298B17C0000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038653753.00000387B7B00000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039185168.00000120B3A80000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020976056.0000015D4E9B5000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038372382.000000E65B8C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/vercel/pkg/issues/1589
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://goo.gl/t5IS6M).
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://no-color.org/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/api/fs.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046009912.0000015D4CF92000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046063042.0000015D4CFA9000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0-headers.tar.gz
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038488180.000001E29ADA4000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046009912.0000015D4CF92000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046063042.0000015D4CFA9000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gz
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzI
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzhttps://nodejs.org/download/release
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046037994.0000015D4CF9A000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046587086.0000015D4CFAD000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046009912.0000015D4CF92000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046063042.0000015D4CFA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/node-v14.20.0.tar.gzt
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038488180.000001E29ADA4000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046009912.0000015D4CF92000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2046063042.0000015D4CFA9000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/win-x64/node.lib
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039101145.000003509B000000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://nodejs.org/download/release/v14.20.0/win-x64/node.libQ
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://sourcemaps.info/spec.html
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2039130911.0000031C5AE80000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://t.me/DeusWinbot
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020466491.0000015D4D001000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038678027.00000298B17C0000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%iteratorprototype%-object
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tc39.github.io/ecma262/#sec-object.prototype.tostring
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc6455#section-1.3
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.2
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7540#section-8.1.2.5
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#cannot-have-a-username-password-port
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-url-origin
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#special-scheme
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#url
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://v8.dev/blog/v8-release-89
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2044440037.0000015D4E9F1000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045739605.0000015D4E9FA000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047691842.0000015D4EA03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.catcert.net/verarrel05
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-line-terminators
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2020466491.0000015D4D001000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038678027.00000298B17C0000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-promise.all
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/#sec-timeclip
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Alternative
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Atom
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClass
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-CharacterClassEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtom
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassAtomNoDash
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ClassRanges
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-ControlLetter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalDigits
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-DecimalEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Disjunction
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Hex4Digits
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigit
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexDigits
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-HexEscapeSequence
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRanges
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-NonemptyClassRangesNoDash
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-OctalDigit
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Pattern
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-PatternCharacter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-Quantifier
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-QuantifierPrefix
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-RegExpUnicodeEscapeSequence
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-SyntaxCharacter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Assertion
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-AtomEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-CharacterEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassControlLetter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ClassEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedAtom
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-ExtendedPatternCharacter
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-IdentityEscape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-InvalidBracedQuantifier
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-LegacyOctalEscapeSequence
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#prod-annexB-Term
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-atomescape
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.ecma-international.org/ecma-262/8.0/#sec-term
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: https://www.iana.org/assignments/tls-extensiontype-values
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000000.2017641065.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txt
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EA4F000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EA54000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045360717.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EA3E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043750511.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045519870.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038113163.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047842195.0000015D4EAE7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Sample file is different than original file name gathered from version info

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2051306149.00007FF6C5637000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: OriginalFilenamenode.exe* vs 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Source: classification engine

Classification label: mal52.evad.winEXE@2/0@1/1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Virustotal: Detection: 6%

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: const { NativeModule } = require('internal/bootstrap/loaders');
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: const { Module } = require('internal/modules/cjs/loader');
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	String found in binary or memory: const CJSModule = require('internal/modules/cjs/loader').Module;

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

File read: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe "C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe"
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: More than 8191 > 100 exports found

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static file information: File size 31536351 > 1048576

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1050600
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0xc83a00

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: More than 200 imports for KERNEL32.dll

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

PE file contains sections with non-standard names

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \\?\C:\SBIEDLL.DLLPM!
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047709993.0000015D4EA09000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045675630.0000015D4EA05000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038997652.0000003959FC8000.00000004.00001000.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038997652.0000003959FC8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\SBIEDLL.DLLI
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \SBIEDLL.DLL
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\SBIEDLL.DLL
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\SBIEDLL.DLLY
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL\!

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	File opened / queried: C:\VBoxService.exe			Jump to behavior
Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe	File opened / queried: C:\vmtoolsd.exe			Jump to behavior

Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: :\vmtoolsd.
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038997652.0000003959FC8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: isVirtualMachine
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VBoxService.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\VBoxService.exeg
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\VBoxService.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038997652.0000003959FC8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VBoxService.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\vmtoolsd.exeI
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe\
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2047709993.0000015D4EA09000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2045675630.0000015D4EA05000.00000004.00000020.00020000.00000000.sdmp, 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2043923531.0000015D4EA04000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: isVirtualMachine
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \\?\C:\VBoxService.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2046461726.0000015D4CF60000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd.exe\I
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \\?\C:\VBoxService.exe!
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VBoxService.exe\
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\vmtoolsd.exe
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000002.2049637505.00007FF6C46E2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: C:\vmtoolsd.exey
Source: 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe, 00000000.00000003.2038601599.000000D3F9640000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: \\?\C:\vmtoolsd.exe

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Queries volume information: C:\Users\user\Desktop\313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe VolumeInformation

Jump to behavior

ID:	1561625
Product:	CloudBasic
Start time:	01:06:11
Start date:	24.11.2024
Sample:	313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	e798e063c5947433498952d70975bf3e
SHA1:	11505b6de23aba4a9a66b48339616080b8e89239
SHA256:	313e4225be01a2f968dd52e4e8c0b9fd08c906289779b2e65b445759f9274a3d
Filetype:	Win64 Executable Console (202006/5) 92.65%

Windows Analysis Report
313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report 313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Windows Analysis Report
313e4225be01a2f968dd52e4e8c0b9fd08c906289779b.exe