Windows Analysis Report
WeChat-Setup (3).exe

Overview

General Information

Sample name: WeChat-Setup (3).exe
Analysis ID: 1562678
MD5: 565a84e92861a1aa6e96c8b2f95495bb
SHA1: 0e43a28323124b99f37de8b4ec1230228af8a759
SHA256: e4d894b1d5e983b341fcf292ff8302414099f0a5f8eaa07e8a69e9b62332292b
Tags: checkexeinstalltestuser-Pekomposo19999
Infos:

Detection

Score: 28
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Drops large PE files
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Installs a raw input device (often for capturing keystrokes)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Uses 32bit PE files
Source: WeChat-Setup (3).exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d1788b9d-fe46-5f15-8398-75060bd3532c Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\LICENSE.electron.txt Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\LICENSE.electron.txt Jump to behavior
Source: WeChat-Setup (3).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1980997703.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ffmpeg.dll.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1884152741.00000000051D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1882456833.00000000051D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: WeChat-Setup (3).exe, 00000000.00000003.1882456833.00000000051D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .Pdb> source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1900516806.00000000051D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: electron.exe.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1855131370.0000000007430000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vk_swiftshader.dll.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1900516806.00000000051D4000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004059CC
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_004065FD FindFirstFileW,FindClose, 0_2_004065FD
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData\Local\Programs\wechatapp Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://10.0.0.1/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://10.0.0.1:1337/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://10.0.0.1:80/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://10.0.0.2/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://10.0.0.2:1337/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://10.0.0.2:80/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://127.0.0.1/32
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://a.b.example
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/1423136dumpTranslatedShadersWrite
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/342316794
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/345244067
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/355034686
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/355645824
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/355645824Frontend
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096371
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096371expandIntegerPowExpressionsThe
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096454
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096464
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096480
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096530
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096539
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096601
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096608
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096608allowES3OnFL100Allow
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096643
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096648
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096661
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096758
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096838
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40096838cacheCompiledShaderEnable
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644593
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644627
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644627skipVSConstantRegisterZeroIn
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644663
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644715
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644730
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644740
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644747
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644776
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644912
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/40644912enableTranslatedShaderSubstitutionCheck
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/41488637
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/41493495
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42260492
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42260591
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42260722
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42261226
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42261713
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42261756
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42261881
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42261882
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42261924
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42261924allowClearForRobustResourceInitSome
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262115
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262161
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262166
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262239
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262247
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262249
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262258
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262286
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262287
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262386
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262476
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262506
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262605
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42262955
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263010
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263031
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263049
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263158
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263239
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263322
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263407
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263477
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263580
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263580disableDrawBuffersIndexedDisable
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263622
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263629
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263911
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263914
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263960
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42263969
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264008
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264071
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264193
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264193forceGlErrorCheckingForce
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264287
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264287forceRobustResourceInitForce-enable
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264422
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264443
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264446
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264571
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264571forceInitShaderVariablesForce-enable
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264577
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264669
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264767
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42264951
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265147
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265186
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265248
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265353
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265369
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265370
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265407
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265429
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265509
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265509dumpShaderSourceWrite
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265516
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265647
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265841
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265878
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265957
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42265995
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266019
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266021
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266024
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266194
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266194disableAnisotropicFilteringDisable
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266231
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266231enableShaderSubstitutionCheck
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266232
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266232disableProgramCachingDisables
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266602
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266610
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266652
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266666
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266725
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266842
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266842uncurrentEglSurfaceUponSurfaceDestroyMake
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266906
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42266976
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267038
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267045
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267057
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267082
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267082ProgramGL::postLinkJobImpl
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267095
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://anglebug.com/42267113
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://casper.beckman.uiuc.edu/~c-tsai4
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://chasen.aist-nara.ac.jp/chasen/distribution.html
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cldr.unicode.org/index/downloads
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/closure-compiler/wiki/SourceMaps
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/lao-dictionary/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/python-gflags/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.google.com/p/smhasher/
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1094869
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/110263
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1144207
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1171371
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1181068
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1181193
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1420130
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1434317
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1456243
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/308366
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/350528343
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/403957
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/550292
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/565179
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/642227
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/642605
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/644669
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/650547
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/672380
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/709351
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/797243
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/809422
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/830046
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/883276
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/927470
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/941620
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://example.no
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://example.sub
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://git.linuxtv.org/v4l-utils.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.github.io/snappy/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980997703.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://int3.de/
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://issuetracker.google.com/200067929
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://jongleberry.com)
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary-LICENSE.txt
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://lao-dictionary.googlecode.com/git/Lao-Dictionary.txt
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://no.sub.example
Source: WeChat-Setup (3).exe, 00000000.00000000.1675403968.000000000040A000.00000008.00000001.01000000.00000003.sdmp, WeChat-Setup (3).exe, 00000000.00000002.2050912307.000000000040A000.00000004.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://opensource.org/licenses/MIT
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://opensource.org/licenses/bsd-license.php
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://opensource.perlig.de/rjsmin/
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://skbug.com/9491
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://source.android.com/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://source.android.com/compatibility)
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1854555992.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://stackoverflow.com/a/16459606/376773
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://stackoverflow.com/a/398120/376773
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://stackoverflow.com/a/5982798/376773
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sub.example
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sub.example:1337
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://sub.example:80
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://substack.net
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://tjholowaychuk.com)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://unexpected.proxy
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://website-archive.mozilla.org/www.mozilla.org/mpl/MPL/NPL/1.1/):
Source: WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/
Source: WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1854555992.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apple.com/legal/guidelinesfor3rdparties.html.
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ecma-international.org/memento/codeofconduct.htm
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.finesse.demon.co.uk/steven/sqrt.html.
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.freedesktop.org/wiki/Software/xdg-user-dirs
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.gutenberg.org/ebooks/53).
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.jaredhanson.net/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.linux-usb.org/usb-ids.html
Source: WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/MPL/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.mozilla.org/NPL/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.apple.com/apsl/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org/licenses/bsd-license.php
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.pertinentdetail.org/sqrt
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ploscompbiol.org/static/license
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.polymer-project.org
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.portaudio.com
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.softsynth.com
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.unicode.org/copyright.html
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.unicode.org/copyright.html.
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.webrtc.org
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://x.prefexample
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://zlib.net/
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://%s:%d/.well-known/masque/udp/%s/%d/
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://%s:%d/.well-known/masque/udp/%s/%d/Net.QuicStreamFactory.DefaultNetworkMatchNet.QuicSession.
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/tsconfig.json
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://android.googlesource.com/platform/external/puffin
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/360031000
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/40096376
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/40096712
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/40644738
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/40644850
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/41488638
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42263273
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42263540
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42263702
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42264072
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42264383
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265636
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265637
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265720
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265720enableCaptureLimitsSet
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265782
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265792
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265794
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265839
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265854
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265877
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42265958
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266070
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266183
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266319
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266364
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266740
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266745
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266748
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266811
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42266842
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42267038
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/42267098
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://anglebug.com/8646
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlMixed
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=3056
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://bugs.chromium.org/p/v8/issues/detail?id=4118
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromestatus.com/feature/5105856067141632.
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1855131370.0000000007430000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/chromium/src/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/external/github.com/intel/tinycbor.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/vulkan-deps/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/webm/libwebm
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://chromium.googlesource.com/webm/libwebp
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://code.google.com/p/chromium/issues/detail?id=25916
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1038223.
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1042393
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1046462
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1060012
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1091824
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1137851
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1300575
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1356053
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/40279678
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/40488750
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/593024
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/593024selectViewInGeometryShaderThe
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/619103.
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/619103.Subsequence
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/650547
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/650547callClearTwiceUsing
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/655534
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/655534useSystemMemoryForConstantBuffersCopying
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/705865
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/710443
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/811661
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/848952
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/927119
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/927119Blink.Script.SchedulingTypeScriptLoader
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/981419
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://creativecommons.org/licenses/by/3.0/
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.chrome.com/blog/enabling-shared-array-buffer/
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://developer.chrome.com/docs/extensions/mv3/cross-origin-isolation/.
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://developers.google.com/android/guides/setup
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://eslint.org/docs/rules/no-buffer-constructor)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://feross.org
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://feross.org/opensource
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://feross.org/support
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://git.io/debug_fd)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ChALkeR
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ChALkeR/safer-buffer.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Cyan4973/xxHash
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/GPUOpen-LibrariesAndSDKs/VulkanMemoryAllocator
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/GoogleChrome/web-vitals
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/GoogleChromeLabs/text-fragments-polyfill
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Headers.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/SPIRV-Tools.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Headers
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Loader
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Maratyszcza/pthreadpool
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Nicoshev/rapidhash
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Nicoshev/rapidhash/blob/master/rapidhash.h
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/PortAudio/portaudio/tree/master/src/common
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ReactiveX/rxjs
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Rob--W/proxy-from-env#readme
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Rob--W/proxy-from-env.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/SeleniumHQ/selenium/tree/trunk
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/Squirrel/Squirrel.Mac
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.border-boxcontent-bo
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/scheduling-apis
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/shared-element-transitions/blob/main/debugging_overflow_on_images.md.
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/WICG/view-transitions/blob/main/debugging_overflow_on_images.md
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/WebAssembly/wasm-c-api/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/aawc/unrar.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/brailcom/speechd
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/chalker/safer-buffer#why-not-safe-buffer).
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/dpranke/typ.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/etingof/pyasn1
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/facebook/react-native/pull/1632
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/facebook/zstd
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/feross/safe-buffer
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/flutter/flutter/issues/47164
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/flutter/flutter/issues/47804
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/diff-match-patch/tree/master/javascript
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/distributed_point_functions
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/google-api-cpp-client/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/pprof/tree/master/proto
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/private-join-and-compute
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/protobuf
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/re2
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/ruy
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/securemessage
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/sentencepiece
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/shell-encryption
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/ukey2
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/wicked-good-xpath
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/woff2
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/wuffs-mirror-release-c
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/google/xnnpack
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/inspect-js/object-inspect
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/intel/libva
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/joyeecheung/node-dep-codemod#dep005)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/joyent/node/issues/1726
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/joyent/node/pull/7878
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/jrmuizel/qcms/tree/v4
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ljharb
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ljharb/qs
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ljharb/qs.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ljharb/qs/graphs/contributors)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ljharb/set-function-length#readme
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ljharb/set-function-length.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ljharb/side-channel#readme
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/ljharb/side-channel.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/mysticatea/eslint-plugin-node/blob/master/docs/rules/no-deprecated-api.md)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/Release#release-schedule)).
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/issues/2119
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/1771#issuecomment-119351671
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/nodejs/node/pull/35407#issuecomment-700693439
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/patrickhulce/third-party-web
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pillarjs/path-to-regexp.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/pillarjs/send/issues)
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/protocolbuffers/protobuf-javascript
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/protocolbuffers/protobuf/blob/master/java/lite.md
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/puppeteer/puppeteer/tree/main/packages/puppeteer-core
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/simplejson/simplejson
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/sponsors/feross
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/sponsors/ljharb
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/stream-utils/raw-body/issues)
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/models
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/tensorflow
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/text.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/tensorflow/tflite-support
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/test262-utils/test262-harness-py
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/ServiceWorker/issues/1356.Property
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4805
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4805Custom
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/gamepad/pull/120
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/gamepad/pull/120Access
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-featuresDeviceOri
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/wasdk/wasmparser
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/wesleytodd/setprototypeof
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/wesleytodd/setprototypeof.git
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/xiph/rnnoise
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/zeux/volk
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://github.com/zorkow/speech-rule-engine
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gitlab.freedesktop.org/xorg/proto/xproto/
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/LdLk22
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/LdLk22Media
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/LdLk22RemoveElementFromDocumentMapit
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gl/t5IS6M).
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://goo.gle/chrome-insecure-origins
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://hg.mozilla.org/mozilla-central/file/tip/netwerk/base/nsURLParsers.cpp
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/155487768
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/161903006
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/166809097
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/184850002
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/187425444
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/229267970
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/250706693
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/253522366
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/255411748
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/258207403
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/274859104
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/284462263
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/288119108
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/292282210
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/292285899
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/292285899forceMinimumMaxVertexAttributesForce
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/309028728
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/311022968
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/328301788
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/328837151
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/336844257
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/347601787
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/349489248
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://issuetracker.google.com/349489248rejectWebglShadersWithUndefinedBehaviorAttempts
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/en/docs/inspector
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/en/docs/inspectorFor
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.ico
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://nodejs.org/static/images/favicons/favicon.icofaviconUrldevtoolsFrontendUrldevtoolsFrontendUr
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://opensource.apple.com/source/xnu/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://polymer-library.polymer-project.org
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ponyfill.com/)
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/pyparsing
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pypi.org/project/six/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pypi.python.org/pypi/pyfakefs
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://pypi.python.org/pypi/webapp2
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://quiche.googlesource.com/quiche
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://redux.js.org/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://robwu.nl/)
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://shorturl.at/drFY7)
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sites.google.com/site/gaviotachessengine/Home/endgame-tablebases-1
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sizzlejs.com/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://skia.org/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://source.corp.google.com/piper///depot/google3/third_party/tamachiyomi/README.md
Source: WeChat-Setup (3).exe, 00000000.00000003.1745642016.0000000005830000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/project/?group_id=1519
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sourceforge.net/projects/wtl/files/WTL%2010/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sqlite.org/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://swiftshader.googlesource.com/SwiftShader
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tidelift.com/funding/github/npm/object-inspect
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://tools.ietf.org/html/rfc3492#section-3.4
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tukaani.org/xz/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tukaani.org/xz/>.
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://v8.dev/
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/aria/#aria-hidden.
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/aria/#aria-hidden.Blocked
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://w3c.github.io/uievents/#legacy-event-types)
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://webkit.org/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.chromestatus.com/feature/5738264052891648Renderer.Font.PrimaryFont.FCPRenderer.Font.Prim
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.chromium.org
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.ecma-international.org/ecma-262/5.1/#sec-15.1.3.4
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.khronos.org/registry/
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.khronos.org/spir/visualizer/
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.npmjs.com/package/buffer-alloc)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.npmjs.com/package/buffer-from)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.npmjs.com/package/safe-buffer)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.npmjs.com/package/safer-buffer)
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.opensource.org/licenses/bsd-license.php)
Source: WeChat-Setup (3).exe, 00000000.00000003.1980556048.00000000051D6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.patreon.com/feross
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.unicode.org/copyright.html.
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://xhr.spec.whatwg.org/.
Source: WeChat-Setup (3).exe, 00000000.00000003.1745852459.0000000005D30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1891159179.00000000051DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://zod.dev
Contains functionality for read data from the clipboard
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405461
Installs a raw input device (often for capturing keystrokes)
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.00000000071D6000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_64611fd7-d

System Summary
barindex
Drops large PE files
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File dump: WeChat.exe.0.dr 188637696 Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File dump: WeChat.exe0.0.dr 188637696 Jump to dropped file
Contains functionality to shutdown / reboot the system
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Detected potential crypto function
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_00406B15 0_2_00406B15
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_004072EC 0_2_004072EC
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_00404C9E 0_2_00404C9E
Enables security privileges
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Process token adjusted: Security Jump to behavior
PE file contains more sections than normal
Source: WeChat.exe0.0.dr Static PE information: Number of sections : 15 > 10
Source: WeChat.exe.0.dr Static PE information: Number of sections : 15 > 10
Sample file is different than original file name gathered from version info
Source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs WeChat-Setup (3).exe
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs WeChat-Setup (3).exe
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs WeChat-Setup (3).exe
Source: WeChat-Setup (3).exe, 00000000.00000003.1909583600.00000000051D3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename. vs WeChat-Setup (3).exe
Source: WeChat-Setup (3).exe, 00000000.00000003.1900516806.00000000051D4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs WeChat-Setup (3).exe
Source: WeChat-Setup (3).exe, 00000000.00000003.1980997703.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameElevate.exeH vs WeChat-Setup (3).exe
Source: WeChat-Setup (3).exe, 00000000.00000003.1882456833.00000000051D7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs WeChat-Setup (3).exe
Source: WeChat-Setup (3).exe, 00000000.00000003.1854555992.0000000006B30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename. vs WeChat-Setup (3).exe
Source: WeChat-Setup (3).exe, 00000000.00000003.1751126439.0000000005D16000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs WeChat-Setup (3).exe
Uses 32bit PE files
Source: WeChat-Setup (3).exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: sus28.winEXE@8/136@0/0
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW, 0_2_00404722
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_00402104 CoCreateInstance, 0_2_00402104
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Mutant created: NULL
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Mutant created: \Sessions\1\BaseNamedObjects\mfx_d3d_mutex
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Mutant created: \Sessions\1\BaseNamedObjects\d1788b9d-fe46-5f15-8398-75060bd3532c
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nseAE4E.tmp Jump to behavior
Source: WeChat-Setup (3).exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000007278000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT name FROM sqlite_master WHERE type='table';
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File read: C:\Users\user\Desktop\WeChat-Setup (3).exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\WeChat-Setup (3).exe "C:\Users\user\Desktop\WeChat-Setup (3).exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe"
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1800,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --field-trial-handle=3268,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --app-path="C:\Users\user\AppData\Local\Programs\wechatapp\resources\app.asar" --enable-sandbox --disable-background-timer-throttling --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732562556198562 --launch-time-ticks=4871634903 --field-trial-handle=3412,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3400 --high-entropy-va /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1800,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --field-trial-handle=3268,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --app-path="C:\Users\user\AppData\Local\Programs\wechatapp\resources\app.asar" --enable-sandbox --disable-background-timer-throttling --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732562556198562 --launch-time-ticks=4871634903 --field-trial-handle=3412,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3400 --high-entropy-va /prefetch:1 Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: shfolder.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: riched20.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: usp10.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: msls31.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: windows.fileexplorer.common.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: ntshrui.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: linkinfo.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: cscapi.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: sxs.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: ffmpeg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: kbdus.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: windows.ui.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: windowmanagementapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: inputhost.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: twinapi.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: wtsapi32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: mscms.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: coloradapterclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: mmdevapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: iconcodecservice.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dataexchange.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: d3d11.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: windows.globalization.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: bcp47mrm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: twinapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: atlthunk.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: oleacc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: directmanipulation.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: msspellcheckingfacility.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: ffmpeg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dxcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dxgi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: resourcepolicyclient.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: mf.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: mfplat.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: rtworkq.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dcomp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: ffmpeg.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dwrite.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dbgcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: kbdus.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: netprofm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d1788b9d-fe46-5f15-8398-75060bd3532c Jump to behavior
Source: WeChat-Setup (3).exe Static file information: File size 82367982 > 1048576
Source: WeChat-Setup (3).exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1980997703.0000000002EA4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ffmpeg.dll.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1884152741.00000000051D2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1882456833.00000000051D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: WeChat-Setup (3).exe, 00000000.00000003.1882456833.00000000051D7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .Pdb> source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1900516806.00000000051D4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: electron.exe.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1855131370.0000000007430000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: libGLESv2.dll.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1888602072.00000000051D9000.00000004.00000020.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vk_swiftshader.dll.pdb source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp, WeChat-Setup (3).exe, 00000000.00000003.1900516806.00000000051D4000.00000004.00000020.00020000.00000000.sdmp
PE file contains sections with non-standard names
Source: libGLESv2.dll.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.0.dr Static PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.0.dr Static PE information: section name: _RDATA
Source: ffmpeg.dll.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll.0.dr Static PE information: section name: .retplne
Source: libEGL.dll.0.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll0.0.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll0.0.dr Static PE information: section name: .retplne
Source: libGLESv2.dll0.0.dr Static PE information: section name: _RDATA
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll0.0.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll0.0.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll0.0.dr Static PE information: section name: .retplne
Source: vulkan-1.dll0.0.dr Static PE information: section name: _RDATA
Source: WeChat.exe.0.dr Static PE information: section name: .gxfg
Source: WeChat.exe.0.dr Static PE information: section name: .retplne
Source: WeChat.exe.0.dr Static PE information: section name: .rodata
Source: WeChat.exe.0.dr Static PE information: section name: CPADinfo
Source: WeChat.exe.0.dr Static PE information: section name: LZMADEC
Source: WeChat.exe.0.dr Static PE information: section name: _RDATA
Source: WeChat.exe.0.dr Static PE information: section name: malloc_h
Source: WeChat.exe.0.dr Static PE information: section name: prot
Source: WeChat.exe0.0.dr Static PE information: section name: .gxfg
Source: WeChat.exe0.0.dr Static PE information: section name: .retplne
Source: WeChat.exe0.0.dr Static PE information: section name: .rodata
Source: WeChat.exe0.0.dr Static PE information: section name: CPADinfo
Source: WeChat.exe0.0.dr Static PE information: section name: LZMADEC
Source: WeChat.exe0.0.dr Static PE information: section name: _RDATA
Source: WeChat.exe0.0.dr Static PE information: section name: malloc_h
Source: WeChat.exe0.0.dr Static PE information: section name: prot
Source: ffmpeg.dll0.0.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll0.0.dr Static PE information: section name: .retplne
Source: ffmpeg.dll0.0.dr Static PE information: section name: _RDATA
Source: libEGL.dll0.0.dr Static PE information: section name: .gxfg
Source: libEGL.dll0.0.dr Static PE information: section name: .retplne
Source: libEGL.dll0.0.dr Static PE information: section name: _RDATA
Drops PE files
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\nsis7z.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\SpiderBanner.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\ffmpeg.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\WeChat.exe Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\StdUtils.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\resources\elevate.exe Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\nsExec.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\LICENSE.electron.txt Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Local\Programs\wechatapp\LICENSE.electron.txt Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeChat.lnk Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 848 Jump to behavior
Found dropped PE file which has not been started or loaded
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\nsis7z.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\wechatapp\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\SpiderBanner.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\wechatapp\d3dcompiler_47.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\wechatapp\vk_swiftshader.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\libEGL.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\wechatapp\libGLESv2.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\StdUtils.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\wechatapp\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\resources\elevate.exe Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\7z-out\vulkan-1.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsoAF77.tmp\nsExec.dll Jump to dropped file
Queries keyboard layouts
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809 Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe File Volume queried: C:\Users\user\AppData\Roaming\WeChat\Code Cache\wasm FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe File Volume queried: C:\Users\user\AppData\Roaming\WeChat\blob_storage\0e33d1a9-6704-4aba-90a8-ac719f5d9c8d FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe File Volume queried: C:\Users\user\AppData\Roaming\WeChat\Code Cache\js FullSizeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe File Volume queried: C:\Users\user\AppData\Roaming\WeChat FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004059CC
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_004065FD FindFirstFileW,FindClose, 0_2_004065FD
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_00402868 FindFirstFileW, 0_2_00402868
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData\Local\Programs\wechatapp Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData\Local Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe File opened: C:\Users\user\AppData\Local\Programs Jump to behavior
Source: explorer.exe, 00000008.00000000.2065777372.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: bCK1sK9IRQq9qEmUv4RDsNuESgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMB
Source: explorer.exe, 00000008.00000000.2064617442.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000008.00000000.2053916814.00000000078A0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000008.00000000.2065777372.00000000098A8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000008.00000000.2047460973.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000008.00000000.2053916814.00000000079FB000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000008.00000000.2065777372.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSDKVersion() < 27 && IsAdreno5xxOrOlder(functions)) || (!isMesa && IsMaliT8xxOrOlder(functions)) || (!isMesa && IsMaliG31OrOlder(functions))
Source: WeChat-Setup (3).exe, 00000000.00000003.1981382525.0000000002E98000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 63}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000008.00000000.2053916814.00000000078AD000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTTAVMWare
Source: explorer.exe, 00000008.00000000.2064617442.0000000009815000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: WeChat-Setup (3).exe, 00000000.00000003.1763656750.0000000006B30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ZAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareVirtIOTest
Source: explorer.exe, 00000008.00000000.2064617442.00000000097D4000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000008.00000000.2065777372.0000000009977000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: WeChat-Setup (3).exe, 00000000.00000003.1884152741.00000000051D2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tgaR
Source: explorer.exe, 00000008.00000000.2053916814.0000000007A34000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBnx
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE
Source: explorer.exe, 00000008.00000000.2047460973.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000008.00000000.2064617442.0000000009660000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: WeChat-Setup (3).exe, 00000000.00000003.1884152741.00000000051D2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Screen Codec / VMware Video
Source: explorer.exe, 00000008.00000000.2047460973.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Process information queried: ProcessInformation Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1800,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --field-trial-handle=3268,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Roaming\WeChat" --app-path="C:\Users\user\AppData\Local\Programs\wechatapp\resources\app.asar" --enable-sandbox --disable-background-timer-throttling --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732562556198562 --launch-time-ticks=4871634903 --field-trial-handle=3412,i,12753569820527524874,9323361878095804256,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3400 --high-entropy-va /prefetch:1 Jump to behavior
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "c:\users\user\appdata\local\programs\wechatapp\wechat.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\wechat" --gpu-preferences=uaaaaaaaaadgaaaeaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaaaaaaaaaaaaacaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=1800,i,12753569820527524874,9323361878095804256,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "c:\users\user\appdata\local\programs\wechatapp\wechat.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\wechat" --field-trial-handle=3268,i,12753569820527524874,9323361878095804256,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "c:\users\user\appdata\local\programs\wechatapp\wechat.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\wechat" --app-path="c:\users\user\appdata\local\programs\wechatapp\resources\app.asar" --enable-sandbox --disable-background-timer-throttling --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732562556198562 --launch-time-ticks=4871634903 --field-trial-handle=3412,i,12753569820527524874,9323361878095804256,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=3400 --high-entropy-va /prefetch:1
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "c:\users\user\appdata\local\programs\wechatapp\wechat.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\wechat" --gpu-preferences=uaaaaaaaaadgaaaeaaaaaaaaaaaaaaaaaabgaaeaaaaaaaaaaaaaaaaaaaacaaaaaaaaaaaaaaaaaaaaaaaaabaaaaaaaaaaeaaaaaaaaaaiaaaaaaaaaagaaaaaaaaa --field-trial-handle=1800,i,12753569820527524874,9323361878095804256,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:2 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "c:\users\user\appdata\local\programs\wechatapp\wechat.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\wechat" --field-trial-handle=3268,i,12753569820527524874,9323361878095804256,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:3 Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Process created: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe "c:\users\user\appdata\local\programs\wechatapp\wechat.exe" --type=renderer --user-data-dir="c:\users\user\appdata\roaming\wechat" --app-path="c:\users\user\appdata\local\programs\wechatapp\resources\app.asar" --enable-sandbox --disable-background-timer-throttling --video-capture-use-gpu-memory-buffer --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --time-ticks-at-unix-epoch=-1732562556198562 --launch-time-ticks=4871634903 --field-trial-handle=3412,i,12753569820527524874,9323361878095804256,262144 --disable-features=sparerendererforsiteperprocess,windelayspellcheckserviceinit,winretrievesuggestionsonlyondemand --variations-seed-version --mojo-platform-channel-handle=3400 --high-entropy-va /prefetch:1 Jump to behavior
Source: explorer.exe, 00000008.00000000.2064617442.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.2053399393.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000008.00000000.2047460973.0000000001240000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 1Progman$
Source: WeChat-Setup (3).exe, 00000000.00000003.1854797749.0000000006F30000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: ..\..\third_party\webrtc\modules\desktop_capture\win\window_capture_utils.ccFail to create instance of VirtualDesktopManagerChrome_WidgetWin_Progman..\..\third_party\webrtc\modules\desktop_capture\cropping_window_capturer.ccWindow no longer on top when ScreenCapturer finishesScreenCapturer failed to capture a frameWindow rect is emptyWindow is outside of the captured displaySysShadowWebRTC.DesktopCapture.Win.WindowGdiCapturerFrameTime..\..\third_party\webrtc\modules\desktop_capture\win\window_capturer_win_gdi.ccWindow hasn't been selected: Target window has been closed.Failed to get drawable window area: Failed to get window DC: Failed to create frame.Both PrintWindow() and BitBlt() failed.Capturing owned window failed (previous error/warning pertained to that)WindowCapturerWinGdi::CaptureFrameWebRTC.DesktopCapture.BlankFrameDetectedWebRTC.DesktopCapture.PrimaryCapturerSelectSourceErrorWebRTC.DesktopCapture.PrimaryCapturerErrorWebRTC.DesktopCapture.PrimaryCapturerPermanentErrordwmapi.dllDwmEnableComposition..\..\third_party\webrtc\modules\desktop_capture\win\screen_capturer_win_gdi.ccFailed to capture screen by GDI.WebRTC.DesktopCapture.Win.ScreenGdiCapturerFrameTimedesktop_dc_memory_dc_Failed to get screen rect.Failed to create frame buffer.Failed to select current bitmap into memery dc.BitBlt failedScreenCapturerWinGdi::CaptureFrame..\..\third_party\webrtc\modules\desktop_capture\win\cursor.ccwebrtc::CreateMouseCursorFromHCursorUnable to get cursor icon info. Error = Unable to get bitmap info. Error = Unable to get bitmap bits. Error = `
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Users\user VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Users\user\AppData\Local VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Users\user\AppData\Local\Programs\wechatapp\resources VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Users\user\AppData\Local\Programs\wechatapp\resources\app.asar VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\wechatapp\WeChat.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\WeChat-Setup (3).exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040338F
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1562678 Sample: WeChat-Setup (3).exe Startdate: 25/11/2024 Architecture: WINDOWS Score: 28 27 Drops large PE files 2->27 6 WeChat-Setup (3).exe 19 199 2->6         started        9 WeChat.exe 49 2->9         started        process3 file4 19 C:\Users\user\AppData\Local\...\nsis7z.dll, PE32 6->19 dropped 21 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 6->21 dropped 23 C:\Users\user\AppData\Local\...\System.dll, PE32 6->23 dropped 25 17 other files (none is malicious) 6->25 dropped 11 WeChat.exe 1 9->11         started        13 WeChat.exe 10 9->13         started        15 explorer.exe 29 8 9->15 injected 17 WeChat.exe 9->17         started        process5
No contacted IP infos